From owner-freebsd-chat Sun Apr 21 0:34:15 2002 Delivered-To: freebsd-chat@freebsd.org Received: from avocet.prod.itd.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50]) by hub.freebsd.org (Postfix) with ESMTP id 0F3D537B404 for ; Sun, 21 Apr 2002 00:34:05 -0700 (PDT) Received: from pool0021.cvx21-bradley.dialup.earthlink.net ([209.179.192.21] helo=mindspring.com) by avocet.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 16zBr9-0004Yg-00; Sun, 21 Apr 2002 00:33:55 -0700 Message-ID: <3CC26B45.184E8039@mindspring.com> Date: Sun, 21 Apr 2002 00:33:25 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Brett Glass Cc: "Matthew D. Fuller" , chat@FreeBSD.ORG Subject: Re: How to control address used by INADDR_ANY? References: <4.3.2.7.2.20020420111258.021d7270@nospam.lariat.org> <4.3.2.7.2.20020419144005.0358c610@nospam.lariat.org> <4.3.2.7.2.20020419144005.0358c610@nospam.lariat.org> <4.3.2.7.2.20020420004621.02379880@nospam.lariat.org> <3CC1245C.EEE4ADE@mindspring.com> <4.3.2.7.2.20020420111258.021d7270@nospam.lariat.org> <4.3.2.7.2.20020420113621.021dfd00@nospam.lariat.org> <4.3.2.7.2.20020420204617.021f4470@nospam.lariat.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brett Glass wrote: > >> 2) Running local processes in a "jail" (assuming that this would > >> force their IP source addresses to the address assigned to the > >> "jail...." Would it? > > > >No, it would not force the source address. > > Are you sure? I haven't played much with jails, but I do note the > following on the jail(8) man page: > > > jail.socket_unixiproute_only > > The jail functionality binds an IPv4 address to each jail, and lim- > > its access to other network addresses in the IPv4 space that may be > > available in the host environment. > > I had always interpreted this to mean that the apps operating in > the jail were limited -- both when they listened and when they > opened outbound sockets -- to using the jail's IPv4 address. You are confusing routing with sockets, again. Jails do not result in an implicit bind to an IP address for outbound connect requests (maybe they should, but that's another discussion). If you read the documentation for how to use jails, you should note that you are required to disable INADDR_ANY binding of daemons running in the host environment, for the jail code to function properly. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message