RE: mijail- Multiple IP's in a Jail

From: Stephen Major (smajor_at_gmail.com)
Date: 07/14/05

  • Next message: Avleen Vig: "[ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF]"
    To: <freebsd-security@freebsd.org>
    Date: Thu, 14 Jul 2005 08:34:06 -0700
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Thank you!

    Does anyone have a local 5.4 system they can test this out on?
    I only have a remote system, and do not want to risk the server
    Not booting up.

    - -----Original Message-----
    From: owner-freebsd-security@freebsd.org
    [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Dmitry Frolov
    Sent: Thursday, July 14, 2005 8:18 AM
    To: r2bit@neti.ee
    Cc: freebsd-security@freebsd.org
    Subject: Re: mijail- Multiple IP's in a Jail

    * r2bit@neti.ee <r2bit@neti.ee> [13.07.2005 22:28]:

    > Check out http://blog.mombe.org/systems/mijail5.html?seemore=y. It worked
    for my
    > 5.3. But keep in mind that there's no perfect solution yet - this
    mentioned
    > patch ruins the DNS.

    I have a patch updated for 5.3 that also seem to fix outgoing UDP problem:

    ftp://ftp.riss-telecom.ru/pub/patches/fbsd53b7-mijail.diff

    I'm running with this patch for more than half a year. Not tried on 5.4 yet.

    >
    > > I have searched around the lists and Google and found this
    > >
    > > HYPERLINK
    > >
    "http://people.freebsd.org/~pjd/patches/jail_2004120901.patch"http://people.
    > > freebsd.org/~pjd/patches/jail_2004120901.patch
    > >
    > > I was wondering if anyone know of a multiple IP patch that works with
    > > FreeBSD 5.4
    > > I really do not understand why this is not included in the standard jail
    > > I mean sure jail is handy for such things as small daemons
    > > But what about the applications such as a shell server
    > > Or a web server
    > > They require multiple IP&#8217;s and the thought of running a jail for
    every
    > shell
    > > account 32+ IP&#8217;s
    > > That is extremely far fetched.

        wbr&w, dmitry.
    - --
    Dmitry Frolov <frolov@riss-telecom.ru>
    RISS-Telecom Network, Novosibirsk, Russia
    66415911@ICQ, +7 3832 NO WA1T, DVF-RIPE
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.1 (Build 2185)

    iQEVAwUBQtaF8aKXvLS903/FAQozPggAxQdh3rxyUxl9Z53BX8rZpzz5eurMIeyo
    EBowsltlO34KNRw72I/CQxITOV920VtDFymIQ71+W4md3Q1uq8DPVMhqm+H+7XKI
    EcH5g9mqQR/hbGLP2Ku4gb0xyGcfoEcar2A1WAaVqycDw+tNRWbCGm4TuOqGodZN
    RhvXw47OjVQLC3cS+ylEknhvsTgKxTKtWCH00JKm8TIwQt7thDgJ1PhSm5Q7br6M
    IFPWAwRb450W12uakpipoTk9xpabmkSvv1798Vo3JI8KOlQI+sUyoHJm2hg89Ad4
    uqc1yhxIfAo+oL6DvOaocEnjuYPcfKx30KwadktDdk4OELvF/x9omA==
    =dl2/
    -----END PGP SIGNATURE-----
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Avleen Vig: "[ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF]"

    Relevant Pages

    • Jail support for mac_portacl(4).
      ... for example www server inside a jail, but use the same IP address as ... forward http port with firewall from external IP to jail's IP. ... In that way we know that if somebody breaks into out jail, ... This patch gives another option, so one don't need to use firewall for this ...
      (FreeBSD-Security)
    • Re: 5.3-RELEASE: WARNING - WRITE_DMA interrupt timout
      ... My problem is not related to a SATA controller. ... Everything works pretty well on this server. ... the qmail MTA, an otherwise pretty powerful email program. ... I'm going to apply a patch to qmail in a few days. ...
      (freebsd-current)
    • Re: KB917537 Failing
      ... four days after the patch released. ... mature server OS, an enterprise-class messaging system, and automated ... if you hit the "Restart" button ... here as I had assumed this would be a common problem.. ...
      (microsoft.public.windows.server.sbs)
    • Re: ER problem / bug? in 11.50.UC3
      ... The engineer develops a patch and performs unit testing to verify that the patch is working. ... The staging branch is built nightly and goes through some 10 hours of automated testing daily. ... catch that you used an uppercase letter when defining the server. ... not necessarily those of the Fonterra Co-operative Group. ...
      (comp.databases.informix)
    • Re: FOLLOW UP : Forms Authentication Randomly Times Out (Windows 2003)
      ... Well there goes my theory on the patch. ... "Joe Audette" wrote in message ... > It doesn't look like we have that patch on our server. ... > had to scrap the automatic re-direction to login from the ...
      (microsoft.public.dotnet.framework.aspnet.security)