From: Ng Pheng Siong
Date: Wed, 16 Jul 2003 09:09:09 +0800
To: Nicholas Esborn
Cc: freebsd-security@freebsd.org, "V. Jones"
Subject: Re: jails, ipfilter & stunnel
Message-ID: <20030716010909.GD832@vista.netmemetic.com>
In-Reply-To: <20030715161909.GA6394@carbon.berkeley.netdot.net>

On Tue, Jul 15, 2003 at 09:19:09AM -0700, Nicholas Esborn wrote:
> Would it be useful to create multiple IP aliases on lo0, i.e. 127.0.0.2,
> 127.0.0.3, bind the jails to those, then use ipfw, ipf/ipnat, or a TCP
> proxy to connect ports on the server's real IP to services bound to the
> lo0 aliases?

Yup, I do that on some of my machines. Mostly works. Easy to experiment
with, too.

--
Ng Pheng Siong
http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
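
The setup discussed in this thread, written out as a configuration sketch. This is an added example, not part of the original messages; the interface name fxp0, the external address 192.0.2.10, the jail path and hostname, and port 443 are assumptions chosen for illustration.

```conf
# --- /etc/rc.conf (host) ---
# Loopback aliases, one per jail. A /32 netmask keeps each alias a
# single host address on lo0.
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 255.255.255.255"
ifconfig_lo0_alias1="inet 127.0.0.3 netmask 255.255.255.255"

# Load the ipfilter and ipnat rules at boot.
ipfilter_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

# --- starting a jail bound to one alias (hypothetical path/hostname) ---
# Command-line form from jail(8) at the time of this thread:
#   jail path hostname ip-number command
# For example:
#   jail /usr/jail/www www.example.org 127.0.0.2 /bin/sh /etc/rc
# The jail can only use 127.0.0.2, so a jailed daemon is not reachable
# from the network until the host redirects a port to it.
# Host daemons listening on the wildcard address also answer on the
# aliases; bind them to specific addresses to keep the jails separate.

# --- /etc/ipnat.rules (host) ---
# Publish exactly one service: TCP 443 arriving on the real address is
# redirected to the jail's loopback alias. Nothing else in the jail is
# exposed unless a rule is added for it.
rdr fxp0 192.0.2.10/32 port 443 -> 127.0.0.2 port 443 tcp
```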