Date:      Tue, 15 Jul 2003 09:19:00 +0200
From:      Uwe Doering <gemini@geminix.org>
To:        "V. Jones" <vjones62@earthlink.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: jails, ipfilter & stunnel
Message-ID:  <3F13AAE4.9020506@geminix.org>
In-Reply-To: <1868570.1058215847119.JavaMail.nobody@beaker.psp.pas.earthlink.net>
References:  <1868570.1058215847119.JavaMail.nobody@beaker.psp.pas.earthlink.net>

V. Jones wrote:
>>Good point.  I forgot to mention that you should bind daemons running
>>outside the jails explicitly to the server's IP address.  This
>>circumvents the problem you've pointed out.  But I agree with you that
>>people would be less likely to shoot themselves in the foot if the
>>kernel took care of things in this situation.
> 
> Oh - okay.  The directions I followed in "Absolute BSD" had me configure
> all Daemons so that they only listened on the main ip address.  Is this
> what you guys are talking about?  Actually, the book said the jailed
> server wouldn't even start if this wasn't done.
> 
> For example, in my /etc/ssh/sshd_config:
> 
> ListenAddress x.x.x.8

Yes, this is the way to do it.

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
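
Added example (not part of the original message, and not code from the book or any project): a host-side check for the advice in this thread. It assumes the FreeBSD `sockstat -4 -l` column layout and whitespace-separated `ListenAddress` lines; the function names and the 192.0.2.x sample data are constructed for illustration.

```sh
#!/bin/sh
# Jail addresses are aliases on the host, so a host daemon bound to the
# wildcard address also answers on every jail's IP address.

# Print "command proto port" for each listener bound to the wildcard address.
# stdin: `sockstat -4 -l` output (USER COMMAND PID FD PROTO LOCAL FOREIGN).
wildcard_listeners() {
    awk '$1 != "USER" && $6 ~ /^\*:[0-9]+$/ {
        print $2, $5, substr($6, 3)
    }' | sort -u
}

# Exit 0 only if the sshd_config text on stdin pins sshd to specific
# addresses. With no ListenAddress line sshd listens on all local addresses.
# Assumption: only the whitespace-separated "ListenAddress value" form is parsed.
sshd_is_pinned() {
    awk 'tolower($1) == "listenaddress" {
             n++
             if ($2 ~ /^(0\.0\.0\.0|::|\[::\])(:[0-9]+)?$/) bad = 1
         }
         END { if (n > 0 && !bad) exit 0; exit 1 }'
}

# Constructed sample of `sockstat -4 -l` output on a jail host.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       412   3  tcp4   192.0.2.8:22          *:*
root     sendmail   380   4  tcp4   *:25                  *:*
root     syslogd    301   6  udp4   *:514                 *:*
www      httpd      533   16 tcp4   192.0.2.9:80          *:*
EOF
}

# On the real host: sockstat -4 -l | wildcard_listeners
echo "Host daemons still bound to the wildcard address:"
sample_sockstat | wildcard_listeners

# On the real host: sshd_is_pinned < /etc/ssh/sshd_config
if printf 'ListenAddress 192.0.2.8\n' | sshd_is_pinned; then
    echo "sshd is bound to explicit addresses only"
fi
```

Any line printed by `wildcard_listeners` is a daemon that still needs an explicit bind address in its own configuration.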


