RE: Jails and loopback interfaces

I recently did something like this. I have a webserver in a jail that
needs to talk to a database, and the webserver is the only thing that
should talk to the database.

My solution was to use 2 jails: one for the webserver, and another for the


Jail 1:
* runs webserver
* binds to real interface with real, routable IP

Jail 2:
* runs database server
* binds to loopback interface, isn't directly reachable
from outside the box

Just to clarify that for me: you did set up this layout or you
tried to set up this? As I read it, I understand that you did!

I tried exactly the same, but currently jails are bound to the specific
IP address assigned to them, so I wonder how the webserver on a real
IP address can communicate with the database bound to the loopback IP?
If you could kindly tell how you solved this issue (we're using 6.1).

freebsd-security@xxxxxxxxxxx mailing list