IP_BINDANY in a jail?
Patrick M. Hausen
hausen at punkt.de
Tue Feb 4 14:39:30 UTC 2020
Hi all,
is it possible to allow processes in a jail to bind a socket
to an IP address not present in the jail (IP_BINDANY)?
I'm experimenting with transparent proxying using this
feature and ipfw "fwd" rules. Outside of a jail this works
as documented, inside a VNET jail the proxy process logs:
sslh-fork: setsockopt IP_BINDANY:1:Operation not permitted
Thanks,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure
Kaiserallee 13a
76133 Karlsruhe
Tel. +49 721 9109500
https://infrastructure.punkt.de
info at punkt.de
AG Mannheim 108285
Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein
More information about the freebsd-net
mailing list