From owner-freebsd-security@FreeBSD.ORG  Tue Mar  7 16:03:56 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3392E16A420
	for <freebsd-security@freebsd.org>;
	Tue,  7 Mar 2006 16:03:56 +0000 (GMT)
	(envelope-from ricardo_bsd@yahoo.com.br)
Received: from maritaca.epm.br (disrouter.epm.br [200.17.25.161])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6280A43D6E
	for <freebsd-security@freebsd.org>;
	Tue,  7 Mar 2006 16:03:55 +0000 (GMT)
	(envelope-from ricardo_bsd@yahoo.com.br)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by maritaca.epm.br (Postfix) with ESMTP id F145D3A92;
	Tue,  7 Mar 2006 13:03:52 -0300 (BRST)
Received: from [172.22.1.166] (ricardo.epm.br [172.22.1.166])
	by maritaca.epm.br (Postfix) with ESMTP id 576B83A7B;
	Tue,  7 Mar 2006 13:03:46 -0300 (BRST)
Message-ID: <440DAEB2.3030102@yahoo.com.br>
Date: Tue, 07 Mar 2006 13:02:58 -0300
From: "Ricardo A. Reis" <ricardo_bsd@yahoo.com.br>
User-Agent: Thunderbird 1.5 (X11/20060209)
MIME-Version: 1.0
To: Cyril Jaouich <cjaouich@yahoo.ca>
References: <20060307150703.75574.qmail@web30609.mail.mud.yahoo.com>
In-Reply-To: <20060307150703.75574.qmail@web30609.mail.mud.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
UNIFESP-Virus-Scanned: by amavisd-new at dis.epm.br
Cc: freebsd-security@freebsd.org
Subject: Re: Jails and loopback interfaces
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Mar 2006 16:03:56 -0000

Hi Cyril,

For access loopback inside the jail, is necessary configure in host server
alias for loopback and start jail using loopback.
Remember loopback address is all 127/8 !

Ex. rc.conf

ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"


jail_packages_rootdir="/jail/packages"
jail_packages_hostname="packages.xxx.xxx"
jail_packages_ip="127.0.0.2"
jail_packages_exec_start="/bin/sh /etc/rc"
jail_packages_exec_stop="/bin/sh /etc/rc.shutdown"
jail_packages_devfs_enable="YES"
jail_packages_fdescfs_enable="NO"
jail_packages_procfs_enable="NO"
jail_packages_mount_enable="YES"
jail_packages_devfs_ruleset="devfsrules_jail"
jail_packages_fstab="/etc/fstab.packages"

Ricardo A. Reis
UNIFESP
Unix and Network Admin

> Hi,
>
> Running: Freebsd 6.0
>
>   I am wondering if it is possible to have acces to loopback ip in a jail. I
> currently have a server running a jail. In the jail, there is a database and a
> web server. I would like to be able to have the database only bind on a
> loopback address and not on the jail's ip.
>
>   Can this be done and how?
>
>   Thanks
>
> -Cyril
>
>
> 	
>
> 	
> 		
> __________________________________________________________
> Lèche-vitrine ou lèche-écran ?
> magasinage.yahoo.ca
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>