Firewalling jails and lo0

Ernie Luzar luzar722 at gmail.com
Sun Aug 7 17:20:48 UTC 2016


Niklaas Baudet von Gersdorff wrote:
> Ernie Luzar [2016-08-07 10:20 -0400] :
> 
>> I believe the loopback interface lo1 needs a 127.0.0.0/8 IP address to enable
>> loopback functionality, and the IP address has to be on a different subnet, i.e.
>> 127.0.10.1 for lo1 while the host's lo0 uses 127.0.0.1
> 
> Aha. So once I have assigned those, traffic from/to jails should go
> through lo1 solely?
> 
>     Niklaas

YES.

I am still missing info on your jail.conf. Post the jail.conf file for
the jails in question. Also, what services are running on the host that
you want to communicate with the smtp jail? You have to change the smtp
config file to tell it to use the new lo1:127.0.10.2 IP address, and you
have to do the same thing for whatever host service will communicate
with the smtp jail. They all have to be using the same lo1:127.0.10.2
IP. Most admins just keep those types of services on the host because it's
just easier.

