Date:      Thu, 4 May 2006 08:27:48 -0700 (PDT)
From:      "R. B. Riddick" <arne_woerner@yahoo.com>
To:        nospam@mgedv.net, freebsd-security@FreeBSD.ORG
Subject:   RE: Jails and loopback interfaces
Message-ID:  <20060504152748.7790.qmail@web30304.mail.mud.yahoo.com>
In-Reply-To: <001401c66f8c$6dd0e8b0$01010101@avalon.lan>

--- "No@SPAM@mgEDV.net" <nospam@mgedv.net> wrote:
> this part i definitely don't get. let's assume this one:
> 
> 192.168.10.1 = jail ip of the ws
> 127.0.0.1 = jail ip of the db
> sending to 127.0.0.1 is not possible on 192.168.134.1 (kernel
> re-routes it to 192.168.134.1 if man jail is correct)
> if i setup forwarding rules i'd have to setup something for
> the real ip's port, no?
>
What do u mean with "real ip"? I assume u mean, something that does not start
with 127...

Then u could give ur jails IPs, that start with 10... (e. g. 10.2.2.2)

> and, i assumed that the setup mentioned can live without additional
> firewall rules.
>
Isn't the overhead caused by pf or ipfw negligible?
I just did a test with and without ipfw and found, that the minimum ping time
without ipfw was 0.987sec and with 1.024sec, which possibly was caused by
powerd, which throttled the CPU...

I say, maybe u want to do some funny experiments to find it out?

-Arne

