From: freebsdquestions@schatti.ch
To: freebsd-security@FreeBSD.org
Date: Mon, 12 May 2003 20:37:15 +0200
Subject: Re: Gateway config

>On Sunday 11 May 2003 03:19 pm, freebsdquestions@schatti.ch wrote:
>> Hi all!
>>
>> Short question: could anyone point me to documents regarding topics:
>> jails! & nat & (ipfw|ip tables) - I'm in process to build a new system...
>> Planned layout:
>>
>> NET---router/nat-----gateway:freebsd5.x/nat--------inner net
>>
>>                      |    |    L- apache/php (lo_alias1)
>>                      |
>>                      |    L------ mail server (lo_alias2)
>>
>>                      L----------- djbdns (lo_alias3)
>>
>> Any hints, do's and don'ts ? what about natd/ipnat ? which is better for
>> dynamic rules ? Especially: how to manage that in conjunction with
>> multiple jails ??
>
>Helps having a subject on these things, especially if a discussion gets
>brewing.
>
>I have yet to see any really good articles on the web concerning Jail
>setups.
>The AbsoluteBSD book has a really sweet walk through in getting jails up
>and running. Not much information on how to get your jails updated
>though, which I had hoped to research a little bit further.
>
>I did happen upon the following doing a quick Googling about...
>
>FreeBSD Jail Software and Docs
>http://memberwebs.com/nielsen/freebsd/jails/
>
>FreeBSD Jail Scripts
>http://jailnotes.cg.nu/zcripts
>
>And the really well written man page...
>man 8 jail
>
>I too would be curious to see anything additional that you might find on
>the subject. The basic concepts are reasonable enough, but there are a
>few devilish details I'd like to see more of.
>
>One item that I'm kind of curious about, and betting others might be as
>well. What do you mean by "dynamic rules"? Dynamic in what sense? Dynamic
>as in stateful firewall, or IP, or what?

Also, I'd like to see examples of devfs-configurations, and how they are
stored/restored.

Dynamic: In sense of 'stateful firewall'; where to put the rules: before
or after nat?

If anyone has some sort of scripts for jails, devfs - feel free to send me
those.

thx
Slim