Date: Thu, 19 Oct 2017 12:46:14 -0500
From: Adam Vande More <amvandemore@gmail.com>
To: Steve Kargl <sgk@troutmask.apl.washington.edu>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Two jail questions
Message-ID: <CA%2BtpaK2c99mSXXPVWLQL0q_%2BkJ-xtoLzJtjLqbxDzwTM5KKhNg@mail.gmail.com>
In-Reply-To: <20171019173224.GA31648@troutmask.apl.washington.edu>
References: <20171019173224.GA31648@troutmask.apl.washington.edu>

On Thu, Oct 19, 2017 at 12:32 PM, Steve Kargl <sgk@troutmask.apl.washington.edu> wrote:

> 1) If an application (e.g., sshd) needs to reach the internet from a
> jail, is it required to have the host system running pf (or other
> packet filtering software)?

No. See VNET/VIMAGE

> 2) Suppose I have two classes of users on a system: normal users and
> guest users. For normal users (including those that are members
> of the wheel group), I would like those individuals to be able
> to use ssh to connect to the host system. For guest users, I
> want to isolate those users in a jailed environment. Thus, I'll
> have sshd running in both the host and jail. How do I setup
> such a scheme?

sshd in the jail needs to run on a different port if you're using the same IP, otherwise if you use an independent networking stack you would configure as normal.

User X on host != User X on jail

--
Adam
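
The two setups described in the reply above, as an added configuration sketch that is not part of the original message. The jail names, paths, the 192.0.2.10 address, port 2222 and the epair0b interface are assumptions chosen for illustration.

```conf
# ---- /etc/jail.conf on the host (constructed example) ----

# Option A: jail shares the host's IP address (no separate network stack).
# The host's sshd already owns port 22 on this address, so the jail's
# sshd must listen on a different port.
guest {
    path = "/jails/guest";               # placeholder path
    host.hostname = "guest.example.org"; # placeholder name
    ip4.addr = 192.0.2.10;               # same address the host uses
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
}

# Option B: jail gets an independent network stack (VNET/VIMAGE).
# The jail has its own interfaces and addresses, so its sshd is
# configured as normal and can keep port 22.
guestvnet {
    path = "/jails/guestvnet";           # placeholder path
    host.hostname = "guestvnet.example.org";
    vnet;
    vnet.interface = "epair0b";          # placeholder interface handed to the jail
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
}

# ---- /jails/guest/etc/rc.conf (inside the Option A jail) ----
sshd_enable="YES"

# ---- /jails/guest/etc/ssh/sshd_config (inside the Option A jail) ----
# Different port from the host's sshd because the IP is shared.
Port 2222

# ---- Accounts ----
# Guest accounts are created only inside the jail's own password database
# (under /jails/guest/etc). A login name that exists on both sides is still
# two unrelated accounts: user X on the host is not user X in the jail.
```

With Option A, guest users connect with `ssh -p 2222` to the shared address and land in the jail, while normal users connect to port 22 and reach the host.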