From owner-freebsd-hackers Sun Feb 2 15: 2:42 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4D9AA37B401 for ; Sun, 2 Feb 2003 15:02:41 -0800 (PST) Received: from mail.iskon.hr (mail.iskon.hr [213.191.128.4]) by mx1.FreeBSD.org (Postfix) with SMTP id 4EEAA43F3F for ; Sun, 2 Feb 2003 15:02:39 -0800 (PST) (envelope-from zec@tel.fer.hr) Received: (qmail 18362 invoked from network); 3 Feb 2003 00:02:21 +0100 Received: from zg04-073.dialin.iskon.hr (HELO tel.fer.hr) (213.191.137.74) by mail.iskon.hr with SMTP; 3 Feb 2003 00:02:21 +0100 Message-ID: <3E3DA383.B67C8881@tel.fer.hr> Date: Mon, 03 Feb 2003 00:02:27 +0100 From: Marko Zec X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Yakov Sudeikin Cc: freebsd-hackers@freebsd.org Subject: Re: Routing within a Jail References: <00cf01c2cacd$4c786420$01e6a8c0@homenet> Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Yakov Sudeikin wrote: > Hi freebsd-hackers, > > Jail with multiple LAN cards accessible from within? > > I have my 4.7 box serving a lot of things, and I have a Linux box routing > the network packets for people in my block. I am not an administraotr of the > router. I want to get rid of the Linux station, I want to create a jail on > my FreeBSD box and start a router + firewall there. As far as I know this is > not possible, jail is started binded to single IP. And I need to route > between different interfaces and even differend LAN cards. One of them is > WaveLan, others are Ethernet rl0 like. I want the router to be in the jail > for security purposes, and have all my services also in the other jails > (mysql, apache, ftp, mail, named, samba etc). And I want the host system > ONLY serve jails and do nothing else by itself. Is FreeBSD jail subsystem > mature enough to accomplish this? > Check http://www.tel.fer.hr/zec/BSD/vimage/ , this could probably be a solution for your scenario. Marko To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message