From: Lawrence Sica
Date: Fri, 19 Dec 2003 12:21:06 -0500
To: Ilya Kiselyov
Cc: freebsd-security
Subject: Re: Configuring JAIL to bind on lo0 interface

On Dec 19, 2003, at 12:13 PM, Ilya Kiselyov wrote:

> Hello!
>
>>>> Can anybody help me with that problem. For now I set it up on
>>>> external IP and everything is okay. But I want to have this jail
>>>> on different iface that is not an external iface and is set for
>>>> example on 127.0.0.10.
>>>
>>> You should probably use a real ip for jail, not from 127.0.0.0/8.
>>>
>>
>> So there is no chance to set it up on 127.0.0.0/8 and have access to
>> internet? I wanted to have some daemons listening on aliased IP on lo0
>> iface. And then set up a few rules on firewall to forward traffic from
>> external IP to those ip on lo0 interface.
>
> In case you just want it to be on lo0, you can set up a real ip alias
> on lo0. If you need both lo0 AND 127.0.0.0/8... Well, do you _really_
> need such a configuration?
>

Changing the ip on lo0 can break things or expose you, a lot of
sensitive stuff goes over localhost, so be very very careful mucking
with the ip on lo0.

--Larry