[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] stop jail from accessing internal IPs on host



On 23.01.11 07:34, Cyberia / Jisri wrote:

Hello Jisri,

> to clarify I have a jail with public ip x.x.x.212
> and on the host I have an internal ip 192.162.3.33 to access some
> network devices.
> my question is can I stop jail users from accessing the internal devices
> using jail configurations/settings or a firewall is a must?

This is a classical job for a firewall. I guess you have configured your
host as ip-forwarder anyway, so there is a route for your jail to see
192.162(?! you mean 168?)/16. So when ipfw is running anyway, why not
add a rule to deny x.x.x/24=>192.168/16?

Regards,

  erdgeist