Firewalling jails and lo0

Ernie Luzar luzar722 at gmail.com
Sun Aug 7 17:20:48 UTC 2016


Niklaas Baudet von Gersdorff wrote:
> Ernie Luzar [2016-08-07 10:20 -0400] :
> 
>> I believe the loopback interface lo1 needs 127.0.0.0/8 ip address to enable
>> loopback functionally, and the ip address has to be a different sub-net. IE
>> 127.0.10.1 for lo1 while the hosts lo0 uses 127.0.0.1
> 
> Aha. So once I assigned those traffic from/to jails should go
> through lo1 solely?
> 
>     Niklaas

YES.

I am still missing info on your jail.conf. Post the jail.conf file for 
the jails in question. Also what services are running on the host that 
you want to communicate with the smtp jail. You have to change the smtp 
config file to tell it to use the new lo1:127.0.10.2 ip address and you 
have to do the same thing for what ever host service will communicate 
with the smtp jail. They all have to be using the same lo1:127.0.10.2 
ip. Most admin just keep those types of services on the host because its 
just easier.


More information about the freebsd-questions mailing list