From: Glenn Dawson
Date: Sat, 30 Jul 2005 09:51:55 -0700
To: "Chad Leigh -- Shire.Net LLC", Chatchawan Wongsiriprasert
Cc: freebsd-questions@freebsd.org
Subject: Re: Acess 127.0.0.1 from FreeBSD jail

At 10:35 PM 7/29/2005, Chad Leigh -- Shire.Net LLC wrote:
>On Jul 29, 2005, at 11:25 PM, Chatchawan Wongsiriprasert wrote:
>
>>Hi,
>>   I am now using chroot apache+php, and want to move to a more secure
>>FreeBSD jail.
>>
>>   After reading the FreeBSD handbook, I have successfully created a
>>jailed apache+php on my test server, but there is a little problem that
>>needs to be solved before I put it on my real server.
>>
>>   I run mysql-server on this server and make it listen only to
>>127.0.0.1
>>(--bind-address option). How can I access mysql-server on this server
>>from the jail without
>>   (1) making mysql-server listen to the real ip (I don't want to open
>>another door to my server -- a firewall can be employed but this adds
>>another complexity to my setup)
>
>Create a separate jail on the system and put mysql in that.  Make the
>address of this mysql jail be 192.168.1.1 or something like that.
>The apache jail will be able to reach it but the outside won't.
>
>You should still have a firewall of some sort.
>
>>   or
>>   (2) using a unix socket (a lot of code to change and test -- most
>>is
>>developed by other people).
>
>Using the socket option is better as it probably also performs better
>(I don't know this for sure -- am just guessing)

Using the sockets in mysql is faster.  The only code you should need to
change is the code that opens the connection to the database; everything
else will work just fine.

-Glenn

>Chad
>
>>
>>
>>Regards,
>>Chatchawan Wongsiriprasert
>
>---
>Chad Leigh -- Shire.Net LLC
>Your Web App and Email hosting provider
>chad@shire.net
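
An added illustration of option (2), not code from anyone in this thread: it keeps the change to the single function that opens the connection, as the reply above suggests. The socket path, database name and credentials are assumptions, as is the setup in which the host's mysqld creates its socket at a path that lies inside the jail's directory tree so the jailed PHP can see it; the mysqli extension is used here as one possible client API.

```php
<?php
// Added example. Path, user, password and database name are placeholders.

// Assumed setup: mysqld on the host is configured to create its socket
// under the jail's root, so inside the jail it appears at this path.
define('DB_SOCKET', '/tmp/mysql.sock');

function db_connect()
{
    // Before (the TCP form the thread is trying to get away from):
    // $db = mysqli_connect('127.0.0.1', 'webapp', 'CHANGE_ME', 'appdb', 3306);

    // Fail early with a clear message if the socket is not visible
    // from inside the jail, or if the path is not a socket at all.
    clearstatcache(true, DB_SOCKET);
    if (!file_exists(DB_SOCKET) || filetype(DB_SOCKET) !== 'socket') {
        throw new RuntimeException('MySQL socket not visible at ' . DB_SOCKET);
    }

    // After: host "localhost" plus an explicit socket path makes the
    // client use the Unix-domain socket instead of TCP.
    $db = mysqli_connect('localhost', 'webapp', 'CHANGE_ME', 'appdb', 0, DB_SOCKET);
    if ($db === false) {
        throw new RuntimeException('MySQL connect failed: ' . mysqli_connect_error());
    }
    return $db;
}

// Callers are unchanged: they only ever receive the connection handle.
$db = db_connect();
$result = mysqli_query($db, 'SELECT 1');
```

With this arrangement mysqld needs no TCP listener for the web application, and access is governed by the filesystem permissions on the socket and its directory.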