From owner-freebsd-hackers  Sun Mar 16 13:14:40 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 573F337B404
	for <freebsd-hackers@freebsd.org>; Sun, 16 Mar 2003 13:14:39 -0800 (PST)
Received: from puck.nether.net (puck.nether.net [204.42.254.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5CF2943F3F
	for <freebsd-hackers@freebsd.org>; Sun, 16 Mar 2003 13:14:38 -0800 (PST)
	(envelope-from jared@puck.nether.net)
Received: (from jared@localhost)
	by puck.nether.net (8.12.8/8.12.6) id h2GLE0KX001107
	for freebsd-hackers@freebsd.org; Sun, 16 Mar 2003 16:14:00 -0500
Date: Sun, 16 Mar 2003 16:14:00 -0500
From: Jared Mauch <jared@puck.Nether.net>
To: freebsd-hackers@freebsd.org
Subject: jail support for ping, traceroute, etc.. crude hack
Message-ID: <20030316211400.GE32478@puck.nether.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.3i
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


	so, i am working on building a "super-server" for me
and several friends to collaborate with on the money front
to put our machine in a colo location, etc.. and still have good
access to networking resources.

	as a result, i needed to modify the FreeBSD kernel such
that it will allow us to use ping, traceroute and other tools.

	obviously we know there will be some underlying security
issues associated but we are sophisticated to understand the
nature of these and they are an 'acceptable' situation.

	my diffs are available at

http://puck.nether.net/~jared/fbsd-4.8-rc1-diff-jail-raw_ip.txt
and are against the 4.8-rc1 /usr/src/sys tree

	yeah, they're crude but it gets the desired job done.  there
is a sysctl to control it, so if its not the desired operation
it can be easily tweaked.

	send me comments.

	enjoy,

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message