Date: Thu, 4 May 2006 15:36:03 +0200 From: "No@SPAM@mgEDV.net" <nospam@mgedv.net> To: <bigby@ephemeron.org> Cc: freebsd-security@freebsd.org Subject: RE: Jails and loopback interfaces Message-ID: <000001c66f7f$b148b620$01010101@avalon.lan>
next in thread | raw e-mail | index | archive | help
> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the databse. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > * runs database server > * binds to loopback interface, isn't directly reachable > from outside the box just to clarify that for me: you did setup this layout or you tried to setup this? as i read it, i understand that you did! i tried exactly the same but currently jails are bound to the specific ip-address assigned with them so i wonder, how the webserver on a real ip-address can communicate with the database bound to the loopback ip? if you could kindly tell, how you solved this issue (we're using 6.1).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000001c66f7f$b148b620$01010101>