From owner-freebsd-questions@FreeBSD.ORG Tue Jul 8 14:59:17 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1DB241065681 for ; Tue, 8 Jul 2008 14:59:17 +0000 (UTC) (envelope-from the.real.david.allen@gmail.com) Received: from rn-out-0910.google.com (rn-out-0910.google.com [64.233.170.186]) by mx1.freebsd.org (Postfix) with ESMTP id C79508FC18 for ; Tue, 8 Jul 2008 14:59:16 +0000 (UTC) (envelope-from the.real.david.allen@gmail.com) Received: by rn-out-0910.google.com with SMTP id j71so660654rne.12 for ; Tue, 08 Jul 2008 07:59:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=NEJW1xZGYXZ591fwqrQ6f5Cl2L55Y+05nvJZ0KsXtzQ=; b=J0xWFgqeniHqEJTk+6yriQWu1o64din6kdSF8uAex+6YIRN7c9xkYSLXkujAqAXUi5 0HUPpo5a+K9FMdqEnNHJ6kwiwYZfEQD/q0FzLPKiI5Vd4po9M0VoLZzQZk2AdoGb/3V3 Q/LOS1628/akD//AOpX24W6dhEuIcz2zEaOps= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=SuB2rw/ugD2XAorXjdQHxYpm2xU0EizYXCNfsUYh10oq2sZ+VpeP4bkXUUKCSUq2ZB JnXGtFEU3S/C88/zobSr+4J8Nw74/KdJimh9u91/bgri+mVYEaKuAW3pZjZcIfNkzvgW 9FyBNz0IB/ayhp8WU69RS3NNuKwZMj4cf3tX4= Received: by 10.151.145.11 with SMTP id x11mr10493838ybn.125.1215529155508; Tue, 08 Jul 2008 07:59:15 -0700 (PDT) Received: by 10.151.111.10 with HTTP; Tue, 8 Jul 2008 07:59:15 -0700 (PDT) Message-ID: <2daa8b4e0807080759k7e7cdefj7b7bef29757814f0@mail.gmail.com> Date: Tue, 8 Jul 2008 07:59:15 -0700 From: "David Allen" To: hartzell@alerce.com In-Reply-To: <18546.33852.798857.247487@almost.alerce.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <2daa8b4e0807070951u607ff031v98b5b96103fdab4@mail.gmail.com> <20080707175440.GA95976@sentinelchicken.net> <2daa8b4e0807071216t7c5ef147obb794b3f67376334@mail.gmail.com> <18546.33852.798857.247487@almost.alerce.com> Cc: FreeBSD Questions , Jason Morgan Subject: Re: Jails and IP Aliasing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2008 14:59:17 -0000 On Mon, Jul 7, 2008 at 2:01 PM, George Hartzell wrote: > > Did you take the necessary steps to restrict the IP addresses on which > sendmail on the host and the jail listen? The jail man page only > says: I don't think anyone would get too far with jails in general if the jail host wasn't properly configured beforehand. To answer your question, sendmail on the jail host is listening to the loopback address only. And to the extent it's not redundant or meaningless, within each jail, sendmail is configured to listen to the jail's IP address only. Regrettably, the problem isn't specific to sendmail or any other service, as an ssh connection would exhibit identical behaviour. Put simply, all connections from the jail host to any jail are reported as using that jail's IP address only. Doesn't matter if your viewing the state from the perspective of the jail host, or from within the jail itself. Both ends of the connection have the same IP address.