Two jail questions
Adam Vande More
amvandemore at gmail.com
Thu Oct 19 17:46:15 UTC 2017
On Thu, Oct 19, 2017 at 12:32 PM, Steve Kargl <sgk at troutmask.apl.washington.
> 1) If an application (e.g., sshd) needs to reach the internet from a
> jail, is it required to have the host system running pf (or other
> packet filtering software)?
No. See VNET/VIMAGE
> 2) Suppose I have to classes of users on a system: normal users and
> guest users. For normal users (including those that are members
> of the wheel group), I would like those individuals to be able
> to use ssh to connect to the host system. For guest users, I
> want to isolate those users in a jailed environment. Thus, I'll
> have sshd running in both the host and jail. How do I setup
> such a scheme?
sshd in the jail needs to run on a different port if you're using the same
ip, otherwise if you use an independent networking stack you would
configure as normal.
User X on host != User X on jail
More information about the freebsd-questions