Jails and IP Aliasing

David Allen the.real.david.allen at gmail.com
Tue Jul 8 14:59:17 UTC 2008


On Mon, Jul 7, 2008 at 2:01 PM, George Hartzell <hartzell at alerce.com> wrote:
>
> Did you take the necessary steps to restrict the IP addresses on which
> sendmail on the host and the jail listen?  The jail man page only
> says:

I don't think anyone would get too far with jails in general if the
jail host wasn't properly configured beforehand.  To answer your
question, sendmail on the jail host is listening to the loopback
address only.  And to the extent it's not redundant or meaningless,
within each jail, sendmail is configured to listen to the jail's IP
address only.

Regrettably, the problem isn't specific to sendmail or any other
service, as an ssh connection would exhibit identical behaviour.  Put
simply, all connections from the jail host to any jail are reported as
using that jail's IP address only.  Doesn't matter if you're viewing the
state from the perspective of the jail host, or from within the jail
itself.  Both ends of the connection have the same IP address.

