SUMMARY: Jails and loopback interfaces



Well well,

I have received a lot of answers and solutions.

Setup:
Server A hosts a jail B
Jail B is Webserver and Database server
What I want to do:
Limit access to the database by binding the database on the loopback address
(127.0.0.1).

Since you can only use one IP in a jail and I am running a web server, it has to
be a routed address (non RFC1918). Also, when a process inside a jail connects
to the loopback (127.0.0.1), you hit the jail's IP and not the loopback IP of
the master server (where the jail sits).

In order to secure my database, it's best to use PF to limit exterior access.
You can also set up another jail that will use an RFC1918 address.

Thanks to:
Bigby Findrake
Axel Scheepers
Josh Bell
Ricardo A. Reis
Jon

-Cyril

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
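The PF approach from the summary above, written out as an added example (it is not a ruleset from the thread or from any of the people thanked). It assumes a hypothetical host interface `em0`, a documentation-range placeholder `203.0.113.10` for jail B's routed address, and PostgreSQL's port 5432 for the database; the thread names none of these, so substitute your own. The point it shows: because the jail's "127.0.0.1" is really the jail IP, the web server reaches the database over the host's lo0, so you never need a pass rule for the database port on the external interface at all, and a default deny there is what actually hides it.

```pf
# /etc/pf.conf -- added example, not from the thread.
# Assumptions (hypothetical, replace with your own):
ext_if    = "em0"            # host's external interface
jail_ip   = "203.0.113.10"   # jail B's routed (non-RFC1918) address
host_ip   = "203.0.113.9"    # host's own address, for management
db_port   = "5432"           # database port; the thread does not say which DB
web_ports = "{ 80, 443 }"

# The jail's 127.0.0.1 is rewritten to $jail_ip, so web -> db traffic inside the
# jail is $jail_ip -> $jail_ip over the host's lo0. Skip lo0 so PF never sees it.
set skip on lo0

# Default deny inbound on the external interface; allow the host to talk out.
block in log on $ext_if
pass out on $ext_if keep state

# Only the web ports of the jail are reachable from outside.
pass in on $ext_if proto tcp from any to $jail_ip port $web_ports flags S/SA keep state

# Management access to the host itself (adjust source to your admin network).
pass in on $ext_if proto tcp from any to $host_ip port 22 flags S/SA keep state

# Deliberately no rule for $db_port on $ext_if: the default block above keeps
# exterior hosts away from the database while the jail's web server still
# reaches it via lo0.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and confirm the loaded rules with `pfctl -sr`. From inside the jail, `sockstat -4l` will show the database listening on the jail's address rather than on 127.0.0.1, which is exactly why the external block rule, not the bind address, is doing the protecting.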