more Fun with Jails.

Angus MacGyver macgyver at calibre-solutions.co.uk
Sun Sep 18 09:10:27 PDT 2005


Hi all...

Currently running 5.4, p5 with 4 jails configured and running their own
nice software..

Coming up to looking at the firewall situation..

so, did this..
ipfw add 0100 allow ip from any to any via lo0
... 
...

When I actually set this rule up to log, I can see all traffic between
the 4 jails is going via lo0..
Ok, great, sorta....

1) It's good as nothing is seen on the outside world

2) It's bad, as it means that any traffic to/from all jails and its
host is allowed, which I may not want to do for any obvious reason.


Question is..
Can I force any traffic from one jail, say 10.0.1.2 to 10.0.1.3 go via a
real interface, say xl0, and then apply nice firewall rules as expected,

or do I have to put up with this situation???

(I am setting up allowing ip from any to any via lo0 simply as a lot of
internal things will break, or so I am led to believe)

Can anyone assist ?

Regards
AM

-- 
Angus MacGyver <macgyver at calibre-solutions.co.uk>
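
An added example, not part of the original message: since the jail-to-jail traffic is visible on lo0, it can be filtered there by address instead of being allowed wholesale. The script below only prints ipfw commands for a small allowlist. The addresses 10.0.1.2 and 10.0.1.3 are from the post; 10.0.1.4, the ports, the rule numbers and the per-jail self rules are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: print ipfw commands that replace
# the blanket "allow ip from any to any via lo0" with per-flow rules.
# Nothing is applied; review the output before running it on the jail host.
# 10.0.1.2 and 10.0.1.3 are from the post; 10.0.1.4, the ports and the rule
# numbers are constructed.
JAILS="10.0.1.2 10.0.1.3 10.0.1.4"
FLOWS="10.0.1.2 10.0.1.3 tcp 5432
10.0.1.4 10.0.1.2 tcp 80"

gen_lo0_rules() {
    # $1 = jail addresses, $2 = "src dst proto port" lines, $3 = first rule number
    num=${3:-100}
    echo "ipfw add $num check-state"
    num=$((num + 10))
    # The host's own loopback traffic.
    echo "ipfw add $num allow ip from 127.0.0.1 to 127.0.0.1 via lo0"
    # Each jail talking to its own address (assumption: this is how
    # in-jail localhost connections appear on lo0).
    for ip in $1; do
        num=$((num + 10))
        echo "ipfw add $num allow ip from $ip to $ip via lo0"
    done
    # Explicitly permitted jail-to-jail flows; keep-state admits the replies.
    while read -r src dst proto port; do
        [ -n "$port" ] || continue
        num=$((num + 10))
        echo "ipfw add $num allow $proto from $src to $dst $port via lo0 keep-state"
    done <<EOF
$2
EOF
    # Everything else on lo0 is logged and dropped.
    num=$((num + 10))
    echo "ipfw add $num deny log ip from any to any via lo0"
}

gen_lo0_rules "$JAILS" "$FLOWS"
```

The final deny rule logs whatever the allowlist missed, so the log shows which internal flows still need a rule before the blanket allow at 0100 is removed.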


