Re: running jail with alternate IP

From: mario (mario_at_schmut.com)
Date: 06/27/05

    Date: Mon, 27 Jun 2005 11:43:29 -0700 (PDT)
    To: <wagnerr@zoomtown.com>
    
    

    So, Raymond Wagner wrote:
    > I am currently setting up a firewall that translates my internal network
    > over to 5 public IP addresses. The addresses are dynamically assigned,
    > so I use ddclient to update my www.dyndns.org account. I've set up
    > several aliases on the external interface of the firewall, and succeeded
    > in having the internal computers use those extra public IPs.
    >
    > What I want to do is have 5 copies of ddclient all running in separate
    > jails bound to different public IPs. I did some experimenting with
    > jail, jailing a shell and then running lynx to www.whatismyip.com. I
    > had to open up the firewall to get it to work, and then it gave me the
    > public IP address bound to the first IP on the interface. Looking at
    > the firewall logs, it seems as if jail is sending packets on the main IP
    > (the non-aliased one), but modifying the header so they return to the
    > aliased IP that was given to it when running the jail command.
    >
    > Is this how jail is supposed to operate, or am I doing something wrong?

    i don't know about the implications of jail, but as far as i know, when
    you have multiple interfaces going to the same subnet, in your case your
    provider and the internet, only 1 of those ips can have its netmask set
    for that subnet and all the other netmasks have to be 255.255.255.255.
    This implies that all outbound packets routed to your gateway (presumably
    your provider) are routed through that one ip.

    mario;>

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

