Re: Jails and loopback interfaces



I would recommend *not* trying to use 127.0.0.1. You'll end up in a
situation where things are trying to access the local machine and are
getting the jail instead.

Instead, I recommend schlopping another IP address, an alias, onto the
loopback interface, just as you would with any other jail. Use an RFC
1918 address, and, as with all jails, use a netmask of 32 bits.

On Wed, 8 Mar 2006, Axel Scheepers wrote:

On Tue, 2006-03-07 at 13:02 -0300, Ricardo A. Reis wrote:
Hi Cyril,

For access loopback inside the jail, is necessary configure in host server
alias for loopback and start jail using loopback.
Remember loopback address is all 127/8 !


I just recently tried jails but I thought 127.0.0.1 would be mapped to
the jails ip-address, which eventually gets mapped to the ip specified
in the parameter or rc.conf. I could be wrong though although my
test-jail setup confirms this on 6.1-PRERELEASE:
test-jail# telnet localhost 22
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903

Kind regards,

Axel Scheepers



/-------------------------------------------------------------------------/
Never worry about theory as long as the machinery does what it's supposed to do.
-- R. A. Heinlein

finger://bigby@xxxxxxxxxxxxx
http://www.ephemeron.org/~bigby/
irc://irc.ephemeron.org/#the_pub
/-------------------------------------------------------------------------/
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"