Jails and loopback interfaces
bc
bc at default.co.yu
Thu Jul 5 09:20:26 UTC 2007
On Mon, 2007-07-02 at 12:43 -0500, Matt Simerson wrote:
> The problem I have with this arrangement is when a jail attempts to
> connect to the public IP of another jails, the connection fails. So,
> a client running in one jail can't send email to my mail server
> running in another jail.
You can try keeping up-to-date version of /etc/hosts with hostnames of
public services pointing to you 127.0.0.2+ IPs. It's dirty, but at least
keeps your pf.conf clean as much as possible.
It works for me and it should for you if you dont move services around a
lot. Then it requires lots of recursive changes in each jail if you move
some service from one IP to another.
More information about the freebsd-security
mailing list