From: Michael Schuh
Date: Mon, 4 Jul 2005 13:16:48 +0200
To: delphij@frontfree.net, freebsd-security@freebsd.org
Subject: Re: bind() on 127.0.0.1 in jail: bound to the outside address?
Message-ID: <1dbad315050704041679890bb7@mail.gmail.com>
List-Id: "Security issues [members-only posting]"

Hello,

in jails you cannot bind any application to 127.0.0.1; you can only ever bind to the jail IP.
If you set up sshd in the jail (or another way to get a shell in this jail), you can run ifconfig -a and see that you have only the outbound address 192.168.1.1 (the jail IP) to bind services to.

You cannot have more than one 127.0.0.1, because this address is visible in the host environment, but you can try setting up 127.0.0.2 as a second IP address of the lo device and give it to the jail, but you then lose the other IP (I think, I am not sure).

Try to set the second IP address in rc.conf of the jail.

Best regards,
Michael
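
As an added example (not part of the original message or the FreeBSD sources), a small C check for the behaviour described in this message: it binds to 127.0.0.1 and uses getsockname() to report the address the socket actually ended up on, so a service meant to be loopback-only can be checked from inside the jail. The function names are hypothetical, and it assumes the jail's address rewrite is visible through getsockname().

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Result of comparing the requested bind address with the one in effect. */
enum bind_result { BIND_ERROR = -1, BIND_AS_REQUESTED = 0, BIND_REMAPPED = 1 };

/* Pure comparison of two dotted-quad strings, usable on constructed input. */
enum bind_result compare_bind(const char *requested, const char *actual)
{
    struct in_addr req, act;
    if (inet_pton(AF_INET, requested, &req) != 1 ||
        inet_pton(AF_INET, actual, &act) != 1)
        return BIND_ERROR;
    return req.s_addr == act.s_addr ? BIND_AS_REQUESTED : BIND_REMAPPED;
}

/* Bind a TCP socket to `requested` on an ephemeral port and write the address
 * the kernel reports for it to `actual`. Assumption (not from the message):
 * a jail's rewrite of 127.0.0.1 shows up in getsockname(). */
enum bind_result probe_bind(const char *requested, char *actual, socklen_t len)
{
    struct sockaddr_in sa, got;
    socklen_t glen = sizeof(got);
    enum bind_result r = BIND_ERROR;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return BIND_ERROR;
    memset(&sa, 0, sizeof(sa));             /* port 0: kernel picks one */
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, requested, &sa.sin_addr) == 1 &&
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        getsockname(fd, (struct sockaddr *)&got, &glen) == 0 &&
        inet_ntop(AF_INET, &got.sin_addr, actual, len) != NULL)
        r = compare_bind(requested, actual);
    close(fd);
    return r;
}

int main(void)
{
    char actual[INET_ADDRSTRLEN] = "";
    enum bind_result r = probe_bind("127.0.0.1", actual, sizeof(actual));
    if (r == BIND_ERROR) { fprintf(stderr, "probe failed\n"); return 2; }
    printf("requested 127.0.0.1, bound to %s%s\n", actual,
           r == BIND_REMAPPED ? " (remapped, reachable on that address)" : "");
    return r;
}
```

The exit status is 0 when the socket stayed on 127.0.0.1, 1 when it was moved to another address, and 2 when the probe itself failed.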