running jail with alternate IP

From: Raymond Wagner (wagnerr_at_zoomtown.com)
Date: 06/27/05

    To: <freebsd-security@freebsd.org>
    Date: Mon, 27 Jun 2005 09:36:37 -0400
    
    

    I am currently setting up a firewall that translates my internal network
    over to 5 public IP addresses. The addresses are dynamically assigned, so I
    use ddclient to update my www.dyndns.org account. I've set up several
    aliases on the external interface of the firewall, and succeeded in having
    the internal computers use those extra public IPs.

    What I want to do is have 5 copies of ddclient all running in separate jails
    bound to different public IPs. I did some experimenting with jail, jailing
    a shell and then running lynx to www.whatismyip.com. I had to open up the
    firewall to get it to work, and then it gave me the public IP address bound
    to the first IP on the interface. Looking at the firewall logs, it seems as
    if jail is sending packets on the main IP (the non-aliased one), but
    modifying the header so they return to the aliased IP that was given to it
    when running the jail command.

    Is this how jail is supposed to operate, or am I doing something wrong?

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

