Date:      Sun, 13 Jul 2003 12:46:39 -0700 (PDT)
From:      "V. Jones" <vjones62@earthlink.net>
To:        freebsd-security@freebsd.org
Subject:   Re: jails, ipfilter & stunnel
Message-ID:  <4346655.1058114953973.JavaMail.nobody@skeeter.psp.pas.earthlink.net>

> You don't have to have multiple IP aliases for multiple jails.  Or at
> least there is no technical necessity for this (in FreeBSD 4.x, that is,
> don't know about 5.x).  If it's just about running server processes in
> their own jail (no port number conflicts) you can have all jails on the
> same IP address and do the IP filtering (if necessary at all in this
> scenario) based on port numbers.
>

Okay, I didn't realize I could run more than one jail on one ip address.  I guess if I needed ssh on each jailed server I could just make sure the port number is unique.


> > Finally, I'd like to use SSL to offer secure web connections & secure email
> > without having to buy two certificates.  Am I getting too cute if I accept
> > ssl connections on  one ip address and use stunnel to route them to the
> > appropriate jailed server?
>
> In case of all jails on one IP address this problem goes away, too.  You
> could define a generic domain name for the SSL stuff, for instance
> 'secure.domain.tld', get a certificate for that and use it for web as
> well as email and other purposes.
>
>     Uwe
>
This confuses me - doesn't the host name have to match the certificate?  Can two jails have the same host name too?

-- 
Valen Jones
