Re: [ezjail] stop jail from accessing internal IPs on host

Thank you, Dirk.
Yes, I meant 192.168.x.x on the host.
I thought maybe there is a tweak or an option I missed to keep the
jail within the given IP address only.
It might be a nice security feature if it is doable.
Will use the firewall rule as you advised.
Have a great day.

On Mon, Jan 24, 2011 at 12:32 PM, Dirk Engling <erdgeist AT erdgeist DOT org> wrote:
On 23.01.11 07:34, Cyberia / Jisri wrote:

Hello Jisri,

> To clarify, I have a jail with public IP x.x.x.212,
> and on the host I have an internal IP to access some
> network devices.
> My question is: can I stop jail users from accessing the internal devices
> using jail configurations/settings, or is a firewall a must?

This is a classical job for a firewall. I guess you have configured your
host as ip-forwarder anyway, so there is a route for your jail to see
192.162(?! you mean 168?)/16. So when ipfw is running anyway, why not
add a rule to deny x.x.x/24=>192.168/16?
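
Added example, not part of either message: the deny rule suggested above written out as an ipfw command, built by a small sh script that validates its inputs and prints the rule for review before loading it. The address 203.0.113.212 stands in for the jail's x.x.x.212, and rule number 1000 is an assumed value that has to sort before any rule allowing the jail's traffic.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the ipfw rule for review and
# only loads it when APPLY=1 (run as root on the FreeBSD host).
# Assumptions: 203.0.113.212 is a placeholder for the jail's x.x.x.212;
# rule number 1000 is arbitrary and must sort before any rule that
# allows the jail's traffic.

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so nothing
# else can reach the ipfw command line.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# usage: jail_deny_rule <rule-number> <jail-source> <internal-net>
jail_deny_rule() {
    num=$1 src=$2 dst=$3
    case $num in ''|*[!0-9]*) echo "bad rule number: $num" >&2; return 1 ;; esac
    valid_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    valid_cidr "$dst" || { echo "bad destination: $dst" >&2; return 1; }
    # "log" records hits via syslog when net.inet.ip.fw.verbose=1.
    echo "ipfw -q add $num deny log ip from $src to $dst"
}

JAIL_SRC=${JAIL_SRC:-203.0.113.212}       # or the whole x.x.x.0/24
INTERNAL_NET=${INTERNAL_NET:-192.168.0.0/16}

rule=$(jail_deny_rule 1000 "$JAIL_SRC" "$INTERNAL_NET") || exit 1
echo "$rule"
if [ "${APPLY:-0}" = 1 ]; then
    $rule
fi
```

After loading, `ipfw show 1000` lists the rule with its packet counters, which shows whether anything in the jail has tried to reach the internal range.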