putting jails on public addresses
Michael Ross
gmx at ross.cx
Thu Aug 21 03:48:13 UTC 2014
On Thu, 21 Aug 2014 05:02:07 +0200, Littlefield, Tyler
<tyler at tysdomain.com> wrote:
> On 8/20/2014 10:50 PM, James Gritton wrote:
>> On 8/20/2014 5:20 PM, Littlefield, Tyler wrote:
>>> Hello:
>>> I'd really like to put a couple of jails on publicly accessible IP
>>> addresses. I have 5 that my provider has assigned to me. Could anyone
>>> possibly shed some light on how to do this? I know of epairs, but I'm
>>> not sure exactly how this works: does each interface (a and b) get an
>>> address? I presume one would be 192.168.0.8 and the other would be
>>> x.x.x.x (where x.x.x.x is the public address)? Which one should I set
>>> the gateway on?
>>> Thanks a lot for the help,
>>
>> You shouldn't need to mess with epair for most jails. Just specify the
>> jails' addresses (ip4.addr=x.x.x.x) in your jail.conf, and be sure to
>> have an "interface=foo0" global line. The simplest jail setup is one
>> using publicly available addresses on a single interface, which sounds
>> like what you have.
>>
> Hello:
> Thanks a lot for the info. I guess I should have been a bit more
> explicit: I want to be able to assign firewall rules to these separate
> jails. I don't think I can assign rules based on address but have to
> have some sort of interface. For example, port 80 will be open on two
> jails, but one should have rate limiting applied to it.
> Thanks,
>
>> - Jamie
>
With ipfw, you could do something like:

    allow ip from any to <x.x.x.100> 80
    allow ip from any to <x.x.x.101> 80 limit src-addr 4
    reset ip from any to me 80 # catch-all

Michael
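
The per-address approach from the reply above, written out as an added example that is not part of the original message: a shell function that prints ipfw commands for port 80 on jails sharing one interface. The function name, rule numbers and the 203.0.113.x addresses are constructed for illustration; it uses `tcp` with `setup` and a `check-state` rule, which the reply's sketch does not show.

```shell
#!/bin/sh
# Emit ipfw rules for port 80 on jails that share one host interface.
# Each argument is "address:limit"; limit 0 means no per-source limit.
# web_rules is a hypothetical helper; addresses are constructed
# (RFC 5737 documentation range), rule numbers are arbitrary.

web_rules() {
    num=1000
    # limit and keep-state create dynamic rules; check-state matches
    # the rest of each connection against them.
    echo "ipfw -q add ${num} check-state"
    for spec in "$@"; do
        addr=${spec%%:*}
        limit=${spec##*:}
        # Accept only digits and dots in the address and digits in the
        # limit, so a typo cannot become an unintended ipfw argument.
        case "$addr" in
            *[!0-9.]*|""|*..*|.*|*.) echo "bad address: $addr" >&2; return 1 ;;
        esac
        case "$limit" in
            *[!0-9]*|"") echo "bad limit: $limit" >&2; return 1 ;;
        esac
        num=$((num + 100))
        if [ "$limit" -eq 0 ]; then
            echo "ipfw -q add ${num} allow tcp from any to ${addr} 80 setup keep-state"
        else
            echo "ipfw -q add ${num} allow tcp from any to ${addr} 80 setup limit src-addr ${limit}"
        fi
    done
    # Catch-all: a connection over its limit does not match the rule
    # above, falls through to here and is answered with a TCP RST.
    echo "ipfw -q add $((num + 100)) reset tcp from any to me 80"
}

# Dry run: prints the commands instead of loading them.
web_rules "203.0.113.100:0" "203.0.113.101:4"
```

Jail addresses are aliases on the host interface, so these rules live in the host's ruleset and `me` covers every jail address as well as the host's own.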