From owner-freebsd-stable@FreeBSD.ORG  Thu Mar 27 19:29:45 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 481E0106566B
	for <freebsd-stable@freebsd.org>; Thu, 27 Mar 2008 19:29:45 +0000 (UTC)
	(envelope-from lists@c0mplx.org)
Received: from home.opsec.eu (unknown [IPv6:2001:14f8:200::1])
	by mx1.freebsd.org (Postfix) with ESMTP id 07BB78FC13
	for <freebsd-stable@freebsd.org>; Thu, 27 Mar 2008 19:29:45 +0000 (UTC)
	(envelope-from lists@c0mplx.org)
Received: from pi by home.opsec.eu with local (Exim 4.69 (FreeBSD))
	(envelope-from <lists@c0mplx.org>) id 1JexnF-000F8b-7x
	for freebsd-stable@freebsd.org; Thu, 27 Mar 2008 20:29:45 +0100
Date: Thu, 27 Mar 2008 20:29:45 +0100
From: Kurt Jaeger <lists@c0mplx.org>
To: freebsd-stable@freebsd.org
Message-ID: <20080327192945.GA57996@home.opsec.eu>
References: <BLU118-W91CABC84FB9304A5C2308D0FE0@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BLU118-W91CABC84FB9304A5C2308D0FE0@phx.gbl>
Subject: Re: inetd and freebsd service jail
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2008 19:29:45 -0000

Hi!

> I have a jail for pureftpd service,
> it is possible that inetd from the main system launch FTP server
> inside the jail?

No, it's not possible.

The reason:

When your client connects to the IP of the jail,
inetd.conf running on the main system can start some

jexec <jail-id> /usr/libexec/ftpd ...

But: The <jail-id> depends on the IP the client is connecting to,
and inetd has no lookup-hook to find the <jail-id> from the IP adress.

It might not be too difficult to add this feature to inetd,
but right now, it's not available.

> If not so, i don't uderstand advantage of to have an inetd service
> listening inside each jail...

Jails are to virtualize systems, so if you have your own instance
of inetd running in your jail, you can decide for yourself which
services will served by your inetd instance. Just edit the inetd.conf
inside the jail and restart inetd in your own virtual server.

-- 
pi@opsec.eu            +49 171 3101372                        12 years to go !