running jail with alternate IP

From: Raymond Wagner (wagnerr_at_zoomtown.com)
Date: 06/27/05

  • Next message: Marko Lerota: "Re: "sh -i" My server was hacked. How can i found hole on my server?"
    To: <freebsd-security@freebsd.org>
    Date: Mon, 27 Jun 2005 09:36:37 -0400
    
    

    I am currently setting up a firewall that translates my internal network
    over to 5 public IP addresses. The addresses are dynamically assigned, so I
    use ddclient to update my www.dyndns.org account. I've set up several
    aliases on the external interface of the firewall, and succeeded in having
    the internal computers use those extra public IPs.

    What I want to do is have 5 copies of ddclient all running in separate jails
    bound to different public IPs. I did some experimenting with jail, jailing
    a shell and then running lynx to www.whatismyip.com. I had to open up the
    firewall to get it to work, and then it gave me the public IP address bound
    to the first IP on the interface. Looking at the firewall logs, it seems as
    if jail is sending packets on the main IP (the non-aliased one), but
    modifying the header so they return to the aliased IP that was given to it
    when running the jail command.

    Is this how jail is supposed to operate, or am I doing something wrong?

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Marko Lerota: "Re: "sh -i" My server was hacked. How can i found hole on my server?"