From: Angus MacGyver <macgyver@calibre-solutions.co.uk>
To: freebsd-alpha@freebsd.org
Date: Sun, 18 Sep 2005 17:10:23 +0100
Message-Id: <1127059823.13699.20.camel@yavin4.calibre-solutions.co.uk>
Subject: more Fun with Jails.

Hi all...

Currently running 5.4, p5 with 4 jails configured and running their own nice software.

Coming up to looking at the firewall situation, so I did this:

    ipfw add 0100 allow ip from any to any via lo0
    ...
    ...

When I actually set this rule up to log, I can see all traffic between the 4 jails is going via lo0. OK, great, sorta...

1) It's good, as nothing is seen on the outside world.
2) It's bad, as it means that any traffic to/from all jails and its host is allowed, which I may not want to do for any obvious reason.

Question is: can I force any traffic from one jail, say 10.0.1.2, to 10.0.1.3 to go via a real interface, say xl0, and then apply nice firewall rules as expected, or do I have to put up with this situation?

(I am setting up allowing ip from any to any via lo0 simply because a lot of internal things will break, or so I am led to believe.)

Can anyone assist?

Regards
AM
-- 
Angus MacGyver
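An added example, not code from Angus's mail or from FreeBSD's own rc scripts: since the jail-to-jail packets do pass through ipfw on lo0 (that is how the logging rule saw them), they can be filtered there by source and destination address rather than being forced onto xl0. The script below replaces the blanket "allow ip from any to any via lo0" with rules that allow real 127/8 loopback, each address to itself, host to jail in both directions, and a short list of jail-to-jail TCP services, then logs and drops anything else a jail sends over lo0. The host address 10.0.1.1, the jail addresses 10.0.1.2 to 10.0.1.5, the ALLOW_FLOWS list and the IPFW variable are all assumptions made for the example; none of them are in the original mail.

```shell
#!/bin/sh
# Added example, not from the original post: an ipfw ruleset for a host whose
# jails talk to each other over lo0. It allows 127/8 loopback, each address to
# itself, host<->jail, and listed jail-to-jail services, then logs and drops
# everything else a jail sends via lo0.
#
# Assumed values (not in the original mail): host 10.0.1.1, jails 10.0.1.2-5,
# the ALLOW_FLOWS list. IPFW is the command used to apply the rules; the
# default "echo" prints them for review so this can run on a box without ipfw.

IPFW="${IPFW:-echo}"
HOST_IP="${HOST_IP:-10.0.1.1}"
JAIL_IPS="${JAIL_IPS:-10.0.1.2 10.0.1.3 10.0.1.4 10.0.1.5}"
# Permitted jail-to-jail TCP flows as src:dst:dport (assumed sample services).
ALLOW_FLOWS="${ALLOW_FLOWS:-10.0.1.2:10.0.1.3:80 10.0.1.3:10.0.1.4:5432}"

# emit_rules prints one ipfw rule body per line, in evaluation order.
emit_rules() {
    n=100
    # Match replies to the keep-state rules below before anything else.
    printf 'add %d check-state\n' "$n"; n=$((n + 10))
    # Genuine loopback traffic, which is what breaks if lo0 is blocked outright.
    printf 'add %d allow ip from 127.0.0.0/8 to 127.0.0.0/8 via lo0\n' "$n"; n=$((n + 10))
    # Host and every jail may talk to their own address.
    for ip in $HOST_IP $JAIL_IPS; do
        printf 'add %d allow ip from %s to %s via lo0\n' "$n" "$ip" "$ip"; n=$((n + 10))
    done
    # Host <-> jail in both directions (tighten to specific ports if wanted).
    for ip in $JAIL_IPS; do
        printf 'add %d allow ip from %s to %s via lo0\n' "$n" "$HOST_IP" "$ip"; n=$((n + 10))
        printf 'add %d allow ip from %s to %s via lo0\n' "$n" "$ip" "$HOST_IP"; n=$((n + 10))
    done
    # Explicitly permitted jail-to-jail services; keep-state lets the replies
    # through via the check-state rule above.
    for flow in $ALLOW_FLOWS; do
        src=${flow%%:*}; rest=${flow#*:}; dst=${rest%%:*}; port=${rest#*:}
        printf 'add %d allow tcp from %s to %s %s via lo0 setup keep-state\n' \
            "$n" "$src" "$dst" "$port"; n=$((n + 10))
    done
    # Anything else a jail sends over lo0: log it (logging needs the sysctl
    # net.inet.ip.fw.verbose=1) and drop it.
    for ip in $JAIL_IPS; do
        printf 'add %d deny log ip from %s to any via lo0\n' "$n" "$ip"; n=$((n + 10))
    done
}

# apply_rules feeds each rule to $IPFW (ipfw on the host, echo for a dry run).
apply_rules() {
    emit_rules | while IFS= read -r line; do
        # shellcheck disable=SC2086
        $IPFW $line
    done
}

# count_rules returns how many rules the current settings produce.
count_rules() {
    emit_rules | wc -l | tr -d ' '
}

apply_rules
```

Run it as is to review the ruleset, then `IPFW=ipfw sh jail_fw.sh` (any filename will do) on the host to load it. Two things to keep in mind: lo0 packets are evaluated by ipfw on the way out and again on the way in, so the `setup keep-state` rule creates its dynamic entry on the first pass and `check-state` matches the rest; and the trailing per-jail deny rules rely on everything legitimate having been allowed above them, so add a jail-to-jail flow to ALLOW_FLOWS rather than loosening the deny.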