Date: Sun, 18 Sep 2005 17:10:23 +0100
From: Angus MacGyver <macgyver@calibre-solutions.co.uk>
To: freebsd-alpha@freebsd.org
Subject: more Fun with Jails.
Message-ID: <1127059823.13699.20.camel@yavin4.calibre-solutions.co.uk>

Hi all...

Currently running 5.4, p5 with 4 jails configured and running their own nice software..

Coming up to looking at the firewall situation.. so, did this..

ipfw add 0100 allow ip from any to any via lo0
...
...

When I actually set this rule up to log, I can see all traffic between the 4 jails is going via lo0..

Ok, great, sorta....

1) It's good as nothing is seen on the outside world
2) It's bad, as it means that any traffic to/from all jails and its host is allowed, which I may not want to do for any obvious reason.

Question is.. Can I force any traffic from one jail, say 10.0.1.2 to 10.0.1.3, to go via a real interface, say xl0, and then apply nice firewall rules as expected, or do I have to put up with this situation???

(I am setting up allowing ip from any to any via lo0 simply as a lot of internal things will break, or so I am led to believe)

Can anyone assist?

Regards
AM

--
Angus MacGyver <macgyver@calibre-solutions.co.uk>