Date: Wed, 8 Mar 2006 16:17:34 -0500 (EST)
From: Cyril Jaouich <cjaouich@yahoo.ca>
To: freebsd-security@freebsd.org
Subject: SUMMARY: Jails and loopback interfaces
Message-ID: <20060308211734.73971.qmail@web30602.mail.mud.yahoo.com>
In-Reply-To: <20060308130742.A11454@home.ephemeron.org>

Well well, I have received a lot of answers and solutions.

Setup:
Server A hosts a jail B
Jail B is Webserver and Database server

What I want to do:
Limit access to the database by binding the database on the loopback address (127.0.0.1).

Since you can only use 1 IP in a jail and I am running a Web server, it has to be a routed address (non RFC1918).

Also, when a process inside a jail connects to the loopback (127.0.0.1), you hit the jail's IP and not the loopback IP of the master server (where the jail sits).

In order to secure my database, it's best to use PF to limit exterior access. You can also set up another jail that will use an RFC1919 address.

Thanks to:
Bigby Findrake
Axel Scheepers
Josh Bell
Ricardo A. Reis
Jon

-Cyril
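
A pf.conf fragment for the PF approach summarized above, given as an added example that is not part of the original message or thread. The interface name, the jail address (a documentation placeholder) and the database port are assumptions; the message names none of them.

```conf
# pf.conf on server A (the jail host). Added example; every value below is an assumption.
ext_if  = "em0"          # assumed external interface of server A
jail_ip = "192.0.2.10"   # placeholder for jail B's routed address
db_port = "3306"         # assumed database port; the message does not name the database

# Connections made inside the jail to 127.0.0.1 arrive at $jail_ip and are
# delivered locally over lo0, so skipping lo0 leaves web server -> database
# traffic untouched.
set skip on lo0

# Drop and log anything from outside that targets the database port.
# "quick" stops evaluation so a broader pass rule further down cannot re-open it.
block in log quick on $ext_if proto tcp from any to $jail_ip port $db_port

# The web server in the same jail stays reachable.
pass in on $ext_if proto tcp from any to $jail_ip port { 80, 443 } keep state
```

The ruleset can be syntax-checked with `pfctl -nf /etc/pf.conf` before it is loaded.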