Date: Tue, 15 Jul 2003 09:19:00 +0200
From: Uwe Doering <gemini@geminix.org>
To: "V. Jones" <vjones62@earthlink.net>
Cc: freebsd-security@freebsd.org
Subject: Re: jails, ipfilter & stunnel
Message-ID: <3F13AAE4.9020506@geminix.org>
In-Reply-To: <1868570.1058215847119.JavaMail.nobody@beaker.psp.pas.earthlink.net>
References: <1868570.1058215847119.JavaMail.nobody@beaker.psp.pas.earthlink.net>

V. Jones wrote:
>>Good point. I forgot to mention that you should bind daemons running
>>outside the jails explicitly to the server's IP address. This
>>circumvents the problem you've pointed out. But I agree with you that
>>people would be less likely to shoot themselves in the foot if the
>>kernel took care of things in this situation.
>
> Oh - okay. The directions I followed in "Absolute BSD" had me configure
> all Daemons so that they only listened on the main ip address. Is this
> what you guys are talking about? Actually, the book said the jailed
> server wouldn't even start if this wasn't done.
>
> For example, in my /etc/ssh/sshd_config:
>
> ListenAddress x.x.x.8

Yes, this is the way to do it.

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
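
A check for the misconfiguration discussed in this thread, added here as an example and not part of the original message: it reads `sockstat -4 -l` output taken on the jail host and lists every socket still bound to the wildcard address instead of one explicit IP. The sample output, the 192.0.2.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Find host daemons that listen on the wildcard address ("*:port").
# Such a socket also accepts connections sent to the IP addresses
# assigned to jails, which is what binding each daemon to the host's
# own address (e.g. sshd's ListenAddress) prevents.

# Constructed sample in the column layout of `sockstat -4 -l`:
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       412   3  tcp4   192.0.2.8:22          *:*
root     sendmail   430   4  tcp4   *:25                  *:*
root     syslogd    301   6  udp4   *:514                 *:*
www      httpd      520   16 tcp4   192.0.2.9:80          *:*
EOF
}

# Read sockstat output on stdin; print one line per wildcard listener.
wildcard_listeners() {
    awk '
        # Only IPv4 TCP/UDP rows; this also skips the header line.
        $5 ~ /^(tcp|udp)4$/ && $6 ~ /^\*:/ {
            port = $6
            sub(/^\*:/, "", port)
            print $2 " pid=" $3 " " $5 " port=" port
        }
    '
}

# Exit status 1 if any wildcard listener exists, so the check can be
# used from cron or a deployment script.
check_wildcard_listeners() {
    found=$(wildcard_listeners)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Demo on the constructed sample. On a real host:
#   sockstat -4 -l | check_wildcard_listeners
sample_sockstat | wildcard_listeners
```
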