Re: Jails and loopback interfaces

From: Bigby Findrake <bigby@xxxxxxxxxxxxx>
Date: Wed, 8 Mar 2006 13:07:58 -0800 (PST)

I would recommend *not* trying to use 127.0.0.1. You'll end up in a
situation where things are trying to access the local machine and are
getting the jail instead.

Instead, I recommend schlopping another IP address, an alias, onto the
loopback interface, just as you would with any other jail. Use an RFC
1918 address, and, as with all jails, use a netmask of 32 bits.

On Wed, 8 Mar 2006, Axel Scheepers wrote:

On Tue, 2006-03-07 at 13:02 -0300, Ricardo A. Reis wrote:
Hi Cyril,

For access loopback inside the jail, is necessary configure in host server
alias for loopback and start jail using loopback.
Remember loopback address is all 127/8 !

I just recently tried jails but I thought 127.0.0.1 would be mapped to
the jails ip-address, which eventually gets mapped to the ip specified
in the parameter or rc.conf. I could be wrong though although my
test-jail setup confirms this on 6.1-PRERELEASE:
test-jail# telnet localhost 22
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903

Kind regards,

Axel Scheepers

/-------------------------------------------------------------------------/
Never worry about theory as long as the machinery does what it's supposed to do.
-- R. A. Heinlein

finger://bigby@xxxxxxxxxxxxx
http://www.ephemeron.org/~bigby/
irc://irc.ephemeron.org/#the_pub
/-------------------------------------------------------------------------/
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- SUMMARY: Jails and loopback interfaces
  - From: Cyril Jaouich

References:
- Jails and loopback interfaces
  - From: Cyril Jaouich
- Re: Jails and loopback interfaces
  - From: Ricardo A. Reis
- Re: Jails and loopback interfaces
  - From: Axel Scheepers

Prev by Date: Re: Jails and loopback interfaces
Next by Date: SUMMARY: Jails and loopback interfaces
Previous by thread: Re: Jails and loopback interfaces
Next by thread: SUMMARY: Jails and loopback interfaces
Index(es):
- Date
- Thread

Relevant Pages

Re: Jails and IP Aliasing
... using firewall rules to redirect the traffic accordingly. ... Something like a loopback address inside the jail. ...
(freebsd-questions)
Re: Problem with jail connecting out
... Also, related, how do I configure multiple interfaces in a jail? ... I have read some recommendations not to use the loopback interface without any real explanation, I don't see why it shouldn't work with a different IP as for other interfaces - or a cloned loopback. ... Basically, I'm trying to setup a jail for my imap server to migrate my mail from the existing server, a last resort clumsy way of upgrading the Berkeley DB. ...
(freebsd-questions)
Re: Problem with jail connecting out
... Also, related, how do I configure multiple interfaces in a jail? ... I don't think that it is a wise idea to be using the loopback address ... Internal host loopback address. ...
(freebsd-questions)
Re: Jails and loopback interfaces
... For access loopback inside the jail, is necessary configure in host server ... test-jail setup confirms this on 6.1-PRERELEASE: ...
(FreeBSD-Security)
RE: Jails and loopback interfaces
... good idea to use localhost as a jail IP. ... Use only loopback ... IPs (other than localhost), like the example that I wrote ... adapter and using the localhost IP. ...
(FreeBSD-Security)