jails, ipfilter & stunnel

From: V. Jones (vjones62_at_earthlink.net)
Date: 07/13/03

  • Next message: Uwe Doering: "Re: jails, ipfilter & stunnel"
    Date: Sat, 12 Jul 2003 18:43:26 -0700 (PDT)
    To: freebsd-security@freebsd.org
    
    

    I'm setting up a server where I plan to use Jails to improve security
    I also have installed and am configuring ipfilter. Here are my
    questions:

    Because I'm using Jails, I will have to have multiple ip aliases on the
    network interface. I will use ipfilter to specify what can go to each
    of the addresses. (e.g., allow only incoming to port 80 on the jail
    running apache).

    Another jailed server will run mail services (pop, smtp, imap). If
    I want to allow users to use web based email(over ssl of course), the
    web server will have to communicate with the mail server. Is there
    a chance of "information leakage" in this type of setup?

    Finally, I'd like to use SSL to offer secure web connections & secure email
    without having to buy two certificates. Am I getting too cute if I accept
    ssl connections on one ip address and use stunnel to route them to the
    appropriate jailed server?
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Uwe Doering: "Re: jails, ipfilter & stunnel"