From: Luke
Date: Wed, 18 Aug 2004 15:31:08 -0700 (PDT)
To: freebsd-questions@freebsd.org
Subject: Setting up a jail's IP address?

I'm attempting to set up my first jail. This box acts as a firewall for my network. It contains two network cards - one points to my internal network and the other to the outside world. I want to run SSH in a jail to allow SSH access from the outside world to a controlled environment inside this box.

The first problem I'm having is that according to every jail tutorial I've seen so far, I'm supposed to bind the IP address of the jail to a NIC. Well... both of my NICs already have IP addresses bound to them, so ifconfig always fails with "ioctl (SIOCAIFADDR): File exists".

The second problem is that I'm not entirely sure which network card I would bind the jail to anyway. The jail has to have an internal IP address, I assume, but it needs to talk to the outside world so my first instinct is to bind it to the network card that's hooked to the outside network. That would mean binding two addresses that aren't even on the same network to one card, and that sounds like it might be problematic. Can someone clear this up for me?