From owner-freebsd-hackers Sun Feb 2 12:58:55 2003
Message-Id: <200302022101.h12L0x1a012095@aaz.links.ru>
Subject: Re: Routing within a Jail
In-Reply-To: <00cf01c2cacd$4c786420$01e6a8c0@homenet>
To: Yakov Sudeikin
Date: Mon, 3 Feb 2003 00:00:59 +0300 (MSK)
From: "."@babolo.ru
Cc: freebsd-hackers@FreeBSD.ORG

> Hi freebsd-hackers,
>
> Jail with multiple LAN cards accessible from within?
>
> I have my 4.7 box serving a lot of things, and I have a Linux box routing
> the network packets for people in my block. I am not an administrator of the
> router. I want to get rid of the Linux station, I want to create a jail on
> my FreeBSD box and start a router + firewall there. As far as I know this is
> not possible, jail is started bound to single IP. And I need to route
> between different interfaces and even different LAN cards. One of them is
> WaveLan, others are Ethernet rl0 like. I want the router to be in the jail
> for security purposes, and have all my services also in the other jails
> (mysql, apache, ftp, mail, named, samba etc). And I want the host system
> ONLY serve jails and do nothing else by itself. Is FreeBSD jail subsystem
> mature enough to accomplish this?

Use different boxes for router and for services.
Strip every internet accessible socket on router
for security.

--
@BABOLO http://links.ru/