Date: Fri, 19 Dec 2003 12:21:06 -0500 From: Lawrence Sica <lomion@mac.com> To: Ilya Kiselyov <list@ostankino.ru> Cc: freebsd-security <freebsd-security@freebsd.org> Subject: Re: Configuring JAIL to bind on lo0 interface Message-ID: <BAFB2116-3247-11D8-97BA-000393A335A2@mac.com> In-Reply-To: <20031219201341.60c724f9.list@ostankino.ru> References: <20031219162648.GA76539@blurp.one.pl> <20031219193645.759a4dbe.list@ostankino.ru> <20031219164713.GA76661@blurp.one.pl> <20031219201341.60c724f9.list@ostankino.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-3--942013615 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On Dec 19, 2003, at 12:13 PM, Ilya Kiselyov wrote: > Hello! > >>>> Can anybody help me with that problem. For now i set it up on >>>> external IP >>>> and everythig is okej. But i want to have this jail on diffrent >>>> iface that >>>> is not an external iface and is set for example on 127.0.0.10. >>> >>> You should probably use a real ip for jail, not from 127.0.0.0/8. >>> >> >> So there is no chance to set it up on 127.0.0.0/8 and have access to >> internet ? I wanted to have some daemons listenig on aliased IP on lo0 >> iface. And then set up few rules on firewall to forward traffic from >> external >> IP to those ip on lo0 interface. > > In case you just want it to be on lo0, you can set up a real ip alias > on lo0. If you need both lo0 AND 127.0.0.0/8... Well, do you _really_ > need such a configuration? > Changing the ip on lo0 can be break things or expose you, a lot of sensitive stuff goes over localhost, so be very very carfeul mucking with the ip on lo0. --Larry --Apple-Mail-3--942013615--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAFB2116-3247-11D8-97BA-000393A335A2>