Two jail questions

Adam Vande More amvandemore at
Thu Oct 19 17:46:15 UTC 2017

On Thu, Oct 19, 2017 at 12:32 PM, Steve Kargl <sgk at troutmask.apl.washington.
edu> wrote:

> 1) If an application (e.g., sshd) needs to reach the internet from a
>    jail, is it required to have the host system running pf (or other
>    packet filtering software)?


> 2) Suppose I have to classes of users on a system: normal users and
>    guest users.  For normal users (including those that are members
>    of the wheel group), I would like those individuals to be able
>    to use ssh to connect to the host system.  For guest users, I
>    want to isolate those users in a jailed environment.  Thus, I'll
>    have sshd running in both the host and jail.  How do I setup
>    such a scheme?

sshd in the jail needs to run on a different port if you're using the same
ip, otherwise if you use an independent networking stack you would
configure as normal.

User X on host != User X on jail


More information about the freebsd-questions mailing list