
Re: [ezjail] ezjail and ipfw



Rudy and others,

Thanks. I now understand this.
But I still have to open the ports on the host machine to the IP address used by the jail???

Thanks for all the answers. I'm learning to understand jails.

Jack

----- Original Message ----- From: "Rudy" <crapsh AT monkeybrains DOT net>
To: <ezjail AT erdgeist DOT org>
Sent: Monday, December 14, 2009 5:35 PM
Subject: Re: [ezjail] ezjail and ipfw



Jack,

Even more simply put (and really, you should test this so you see it in
action and understand jails better),
inside a jail * = the IP assigned to it.
inside the 'non jail system' * = all the IPs on the box.

So, if you have
IP   Hostname
10.0.0.2 jailA
10.0.0.3 jailB
10.0.0.4 jailC
and you log onto jailA and bind apache to * then it will be listening
only to 10.0.0.2.  Type ifconfig inside of jailA and you will only see
10.0.0.2.  Type ifconfig while logged into jailC and you will only see
10.0.0.4.

Oh, you can log into jails from the 'host' (e.g. non-jailed, master
FreeBSD instance) with the jexec command.
jls (list jails)
jexec PICK_NUMBER_FROM_JLS tcsh
ifconfig -a


Good luck!

Rudy

Jack,

Services inside a jail will only listen to addresses assigned to the jail.
They won't try to listen to any other system address. All you should take
care of are host services (I had to make changes to ssh and ntpd configs
myself).

Ruben
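
Added example (not part of the original messages): a check for the host services Ruben mentions, i.e. host daemons still bound to * and therefore, per Rudy's explanation, answering on every jail address too. The sockstat-style sample lines, the function names and the jail IP arguments are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of host-side `sockstat -4 -l` output. The jailed
# apache bound to * shows up under its jail address (10.0.0.2); the
# host's own sshd and ntpd are still bound to the wildcard.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       823   4  tcp4   *:22                  *:*
root     ntpd       790   21 udp4   *:123                 *:*
www      httpd      1201  3  tcp4   10.0.0.2:80           *:*
root     sendmail   850   4  tcp4   127.0.0.1:25          *:*
EOF
}

# Read sockstat-style lines on stdin and print "command proto port"
# for every listener whose local address is the wildcard.
wildcard_listeners() {
    awk 'NR > 1 && $6 ~ /^\*:/ { sub(/^\*:/, "", $6); print $2, $5, $6 }'
}

# Arguments: the jail IPs. For each wildcard host listener, print the
# jail address and port on which the host daemon also answers.
exposed_on_jail_ips() {
    wildcard_listeners | while read -r cmd proto port; do
        for ip in "$@"; do
            echo "$ip:$port $proto host:$cmd"
        done
    done
}

# Offline run against the sample; on a real host, pipe in
# `sockstat -4 -l` instead of sample_sockstat.
sample_sockstat | exposed_on_jail_ips 10.0.0.2 10.0.0.3
```

Each line printed is a host daemon to rebind to the host's own address, or a port to cover in the ipfw rules for the jail IPs.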