From owner-freebsd-security  Wed Apr  3  4: 1:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.6])
	by hub.freebsd.org (Postfix) with ESMTP id 7661337B416
	for <freebsd-security@FreeBSD.ORG>; Wed,  3 Apr 2002 04:01:13 -0800 (PST)
Received: from localhost (trevor@localhost)
	by blues.jpj.net (8.11.6/8.11.6) with ESMTP id g33C1Ap03620;
	Wed, 3 Apr 2002 07:01:10 -0500 (EST)
Date: Wed, 3 Apr 2002 07:01:10 -0500 (EST)
From: Trevor Johnson <trevor@jpj.net>
To: "David G . Andersen" <danderse@cs.utah.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Jail with one IP?
In-Reply-To: <20020402181402.A27138@cs.utah.edu>
Message-ID: <20020403065410.T799-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> Does anyone have warnings / experience with how Jail will behave
> when used with a single IP address, as "chroot++"?

It works for me.  I do it with ipf and ipnat, on a small scale.

There's a detailed article on this at
http://www.BSDpro.com/info.php?cat=security&fileid=00014#article .
-- 
Trevor Johnson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message