SUMMARY: Jails and loopback interfaces

Cyril Jaouich cjaouich at yahoo.ca
Wed Mar 8 13:17:39 PST 2006


Well well, 

  I have received a lot of answers and solutions.

Setup:
 Server A hosts a jail B
 Jail B is a web server and database server
What I want to do:
 Limit access to the database by binding the database on the loopback address
(127.0.0.1).

  Since you can only use 1 ip in a jail and I am running a Web server it has to
be a routed address (non RFC1918). Also, when a process inside a jail connects
to the loopback (127.0.0.1), you hit the jail's ip and not the loopback ip of
the master server (where the jail sits).

  In order to secure my database, it's best to use PF to limit exterior access.
You can also set up another jail that will use an RFC1919 address. 

Thanks to:
 Bigby Findrake
 Axel Scheepers
 Josh Bell
 Ricardo A. Reis
 Jon

-Cyril
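
An added pf.conf sketch of the PF approach recommended in the summary above (not part of the original post): it blocks outside connections to the database port on the jail's address and leaves the jail's own connections to 127.0.0.1 alone. The interface name em0, the address 192.0.2.10 and the ports are assumed placeholders.

```conf
# /etc/pf.conf on Server A (the jail host). Constructed example.
# Assumptions: em0 is the external interface, 192.0.2.10 stands in for
# jail B's routed address, and the database listens on TCP 3306.
ext_if  = "em0"
jail_ip = "192.0.2.10"
db_port = "3306"

# Connections made inside the jail to 127.0.0.1 land on $jail_ip and
# stay on the host's loopback interface, so lo0 is left unfiltered.
set skip on lo0

# Web traffic from outside reaches the jail as usual.
pass in quick on $ext_if proto tcp from any to $jail_ip port { 80, 443 } keep state

# Nothing arriving on the external interface may reach the database.
block in quick on $ext_if proto tcp from any to $jail_ip port $db_port
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.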


	

	
		