RE: Jails and loopback interfaces
- From: "No@SPAM@mgEDV.net" <nospam@xxxxxxxxx>
- Date: Thu, 4 May 2006 15:36:03 +0200
I recently did something like this. I have a webserver in a jail that
needs to talk to a database, and the webserver is the only thing that
should talk to the databse.
My solution was to use 2 jails: one for the webserver, and another for the
database.
Jail 1:
* runs webserver
* binds to real interface with real, routable IP
Jail 2:
* runs database server
* binds to loopback interface, isn't directly reachable
from outside the box
just to clarify that for me: you did setup this layout or you
tried to setup this? as i read it, i understand that you did!
i tried exactly the same but currently jails are bound to the specific
ip-address assigned with them so i wonder, how the webserver on a real
ip-address can communicate with the database bound to the loopback ip?
if you could kindly tell, how you solved this issue (we're using 6.1).
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- RE: Jails and loopback interfaces
- From: Bigby Findrake
- Re: Jails and loopback interfaces
- From: Oliver Fromme
- RE: Jails and loopback interfaces
- Prev by Date: MAC policies and shared hosting
- Next by Date: Re: Jails and loopback interfaces
- Previous by thread: MAC policies and shared hosting
- Next by thread: Re: Jails and loopback interfaces
- Index(es):
Relevant Pages
|
|
