From owner-freebsd-security@FreeBSD.ORG  Fri Dec 19 09:13:04 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3607716A4CE
	for <freebsd-security@freebsd.org>;
	Fri, 19 Dec 2003 09:13:04 -0800 (PST)
Received: from mail.metric.ru (ns.metric.ru [195.209.60.22])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AE7F443D1D
	for <freebsd-security@freebsd.org>;
	Fri, 19 Dec 2003 09:13:02 -0800 (PST)
	(envelope-from list@ostankino.ru)
Received: from sysadmin ([195.209.60.140]) by mail.metric.ru with Microsoft
	SMTPSVC(5.0.2195.6713);	 Fri, 19 Dec 2003 20:13:01 +0300
Date: Fri, 19 Dec 2003 20:13:41 +0300
From: Ilya Kiselyov <list@ostankino.ru>
To: freebsd-security@freebsd.org
Message-Id: <20031219201341.60c724f9.list@ostankino.ru>
In-Reply-To: <20031219164713.GA76661@blurp.one.pl>
References: <20031219162648.GA76539@blurp.one.pl>
	<20031219193645.759a4dbe.list@ostankino.ru>
	<20031219164713.GA76661@blurp.one.pl>
Organization: TCO
X-Mailer: Sylpheed version 0.9.6claws (GTK+ 1.2.10; i386-portbld-freebsd4.8)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 19 Dec 2003 17:13:01.0316 (UTC)
	FILETIME=[5B518440:01C3C653]
Subject: Re: Configuring JAIL to bind on lo0 interface
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Dec 2003 17:13:04 -0000

Hello!

> > > Can anybody help me with that problem. For now i set it up on external IP
> > > and everythig is okej. But i want to have this jail on diffrent iface that
> > > is not an external iface and is set for example on 127.0.0.10.
> > 
> > You should probably use a real ip for jail, not from 127.0.0.0/8.
> > 
> 
> So there is no chance to set it up on 127.0.0.0/8 and have access to
> internet ? I wanted to have some daemons listenig on aliased IP on lo0
> iface. And then set up few rules on firewall to forward traffic from external
> IP to those ip on lo0 interface.

In case you just want it to be on lo0, you can set up a real ip alias on lo0. If you need both lo0 AND 127.0.0.0/8... Well, do you _really_ need such a configuration?

-- 
  Regards, Ilya