From owner-freebsd-security@FreeBSD.ORG Tue Jul 15 02:23:27 2003
Message-ID: <1058260983.3f13c7f786469@www1.inbox.lv>
Date: Tue, 15 Jul 2003 12:23:03 +0300
From: peter dunaskin
To: gemini@geminix.org
Cc: freebsd-security@freebsd.org
References: <8213881.1058211676830.JavaMail.nobody@beaker.psp.pas.earthlink.net> <20030714211518.GD4973@garage.freebsd.pl> <3F13A975.7020508@geminix.org> <20030715091211.GK4973@garage.freebsd.pl>
In-Reply-To: <20030715091211.GK4973@garage.freebsd.pl>
Subject: Re: jails, ipfilter & stunnel

Did I miss something, or why has no one mentioned using private [unreal, localhost, whatever..] addresses for all jails? For example, you can bind NAT IPs to your second NIC [or loopback], different IPs for different jails. Then you can port-forward whatever you want to the jails.

In my case, all jails are firewalled out and I let in only the traffic I need to get in/out. I can send config files [jail scripts, firewall rules..].

p.
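
The layout described in the message above, as an added example (not the poster's configuration, which is not on the page): a script that prints the rc.conf, ipnat.conf and ipf.rules lines for jails on private lo0 aliases with per-port forwarding. The interface name fxp0, the 192.168.100.0/24 range, and the jail names and ports are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: emit FreeBSD config lines for jails bound to private addresses.
# Constructed values (assumptions): fxp0, 192.168.100.0/24, the jail table below.
EXT_IF="fxp0"                 # external NIC (assumed name)
JAIL_NET="192.168.100.0/24"   # private range reserved for jails (assumed)

# Constructed jail table: name, private IP, public TCP port, port inside jail
JAILS="www 192.168.100.2 443 443
mail 192.168.100.3 25 25"

# /etc/rc.conf: one lo0 alias per jail, /32 so nothing else is routed there
rc_conf_lines() {
    n=0
    echo "$JAILS" | while read -r name ip pub priv; do
        echo "ifconfig_lo0_alias$n=\"inet $ip netmask 255.255.255.255\"  # jail $name"
        n=$((n + 1))
    done
}

# /etc/ipnat.conf: one rdr per published port; nothing else reaches a jail
ipnat_lines() {
    echo "$JAILS" | while read -r name ip pub priv; do
        echo "rdr $EXT_IF 0.0.0.0/0 port $pub -> $ip port $priv tcp"
    done
}

# /etc/ipf.rules: deny all jail traffic by default, then pass forwarded ports.
# Inbound NAT runs before the filter, so rules match the jail's private address.
# Replies leave through the state entries; jails cannot open outbound sessions.
ipf_lines() {
    echo "block in log on $EXT_IF from any to $JAIL_NET"
    echo "block out log on $EXT_IF from $JAIL_NET to any"
    echo "$JAILS" | while read -r name ip pub priv; do
        echo "pass in quick on $EXT_IF proto tcp from any to $ip port = $priv flags S keep state"
    done
}

echo "# --- /etc/rc.conf ---";    rc_conf_lines
echo "# --- /etc/ipnat.conf ---"; ipnat_lines
echo "# --- /etc/ipf.rules ---";  ipf_lines
```

Each jail is then started with the private address from its table row, so a service inside it is reachable only through the matching rdr rule.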