From: Jan Demter
To: freebsd-stable@freebsd.org, marko.cupac@mimar.rs
Subject: Re: bind host service to jail ip?
Date: Wed, 7 Oct 2015 19:44:13 +0200
Message-ID: <561559ED.4060105@demter.de>
In-Reply-To: <56153D62.8070601@quip.cz>
List-Id: Production branch of FreeBSD source code

On 07/10/15 17:42, Miroslav Lachman wrote:
> Marko Cupać wrote on 10/07/2015 16:15:
>
> [...]
>
>> - If I ran openntpd in host and bound it to jails' ip addresses, would
>> clients be able to sync? If so, are there any negative implications
>> to this?
>
> I don't know if something has been changed over time, but if you run some
> service in host on IP assigned to jail on port not used in jail, there
> will be no conflict and service will be available to public

A thing to keep in mind here is that anything running inside the jail
can override the host (without any noticeable conflict), as a bind to an
address from inside a jail will take precedence over the host's listening
sockets.

So if you are going to run any less trusted code in the jails, it will
be able to manipulate time for the clients using the jail's address.

Greetings
Jan
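
An added example, not part of the original message: a small audit that takes an inventory of listening sockets plus the addresses assigned to each jail, lists host services that answer on a jail's address, and marks the ones for which a socket inside that jail already holds the same protocol and port. The record layout, the sample inventory and the treatment of wildcard binds are assumptions of this example.

```python
from collections import namedtuple

# One listening socket; jid 0 is the host. This record layout is an
# assumption of the example, not the output format of a real tool.
Listener = namedtuple("Listener", "jid proto addr port prog")

def covers(bound, addr):
    # Assumption: a wildcard bind ("*") also covers the jail's address.
    return bound in (addr, "*")

def audit(listeners, jail_addrs):
    """Find host listeners that serve an address assigned to a jail.

    jail_addrs maps jid -> set of addresses assigned to that jail.
    Returns tuples (host_listener, jid, addr, shadow), where shadow is the
    listener inside that jail on the same proto/port, or None.
    """
    findings = []
    for h in (l for l in listeners if l.jid == 0):
        for jid in sorted(jail_addrs):
            for addr in sorted(jail_addrs[jid]):
                if not covers(h.addr, addr):
                    continue
                shadow = next(
                    (j for j in listeners
                     if j.jid == jid and (j.proto, j.port) == (h.proto, h.port)
                     and covers(j.addr, addr)),
                    None)
                findings.append((h, jid, addr, shadow))
    return findings

# Constructed sample inventory (documentation addresses, made-up programs).
JAIL_ADDRS = {1: {"192.0.2.10"}, 2: {"192.0.2.20"}}
LISTENERS = [
    Listener(0, "udp", "192.0.2.10", 123, "ntpd"),    # host service on jail 1's IP
    Listener(0, "udp", "192.0.2.20", 123, "ntpd"),    # host service on jail 2's IP
    Listener(0, "tcp", "192.0.2.1", 22, "sshd"),      # host's own address
    Listener(1, "tcp", "192.0.2.10", 80, "httpd"),    # different port, no overlap
    Listener(2, "udp", "192.0.2.20", 123, "other"),   # same proto/port inside jail 2
]

if __name__ == "__main__":
    for h, jid, addr, shadow in audit(LISTENERS, JAIL_ADDRS):
        state = (f"OVERRIDDEN by {shadow.prog} in jail {jid}" if shadow
                 else f"jail {jid} could bind it")
        print(f"{h.prog} {h.proto}/{addr}:{h.port}: {state}")
```

A finding without a shadow is still worth tracking: per the message above, nothing signals a conflict when a jail later binds the same address and port.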