Re: bind() on 127.0.0.1 in jail: bound to the outside address?

From: Michael Schuh (michael.schuh_at_gmail.com)
Date: 07/04/05

Next message: Jesper Wallin: "Re: packets with syn/fin vs pf_norm.c"

Previous message: Dag-Erling Smørgrav: "Re: packets with syn/fin vs pf_norm.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 4 Jul 2005 13:16:48 +0200
To: delphij@frontfree.net, freebsd-security@freebsd.org

Hello,

in Jails you cannot bound any application to the 127.0.0.1,
you ccan always bound only to the jail-ip.

If you setup sshd in jail (or an other way to get a shell in this jail) so
you can make the ifconfig -a so that you can see you have only the outbound
address 192.168.1.1 ( the jail-ip) to bind services to that address.

jou can not have more then one 127.0.0.1, because this address is
viewable in the Host
enviroment, but you can try to setting up 127.0.0.2 as second
ipdadress of the lo-device
and get these the jail, but you loose then the other ip ( i think, be not sure).

try to set the second ip-address in rc.conf of the jail.

best regards

michael
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Jesper Wallin: "Re: packets with syn/fin vs pf_norm.c"

Previous message: Dag-Erling Smørgrav: "Re: packets with syn/fin vs pf_norm.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]