Date: Tue, 8 Jul 2008 07:59:15 -0700 From: "David Allen" <the.real.david.allen@gmail.com> To: hartzell@alerce.com Cc: FreeBSD Questions <freebsd-questions@freebsd.org>, Jason Morgan <jwm-freebsd-questions@sentinelchicken.net> Subject: Re: Jails and IP Aliasing Message-ID: <2daa8b4e0807080759k7e7cdefj7b7bef29757814f0@mail.gmail.com> In-Reply-To: <18546.33852.798857.247487@almost.alerce.com> References: <2daa8b4e0807070951u607ff031v98b5b96103fdab4@mail.gmail.com> <20080707175440.GA95976@sentinelchicken.net> <2daa8b4e0807071216t7c5ef147obb794b3f67376334@mail.gmail.com> <18546.33852.798857.247487@almost.alerce.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 7, 2008 at 2:01 PM, George Hartzell <hartzell@alerce.com> wrote: > > Did you take the necessary steps to restrict the IP addresses on which > sendmail on the host and the jail listen? The jail man page only > says: I don't think anyone would get too far with jails in general if the jail host wasn't properly configured beforehand. To answer your question, sendmail on the jail host is listening to the loopback address only. And to the extent it's not redundant or meaningless, within each jail, sendmail is configured to listen to the jail's IP address only. Regrettably, the problem isn't specific to sendmail or any other service, as an ssh connection would exhibit identical behaviour. Put simply, all connections from the jail host to any jail are reported as using that jail's IP address only. Doesn't matter if your viewing the state from the perspective of the jail host, or from within the jail itself. Both ends of the connection have the same IP address.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2daa8b4e0807080759k7e7cdefj7b7bef29757814f0>