Configuring JAIL to bind on lo0 interface
Lawrence Sica
lomion at mac.com
Fri Dec 19 09:21:11 PST 2003
On Dec 19, 2003, at 12:13 PM, Ilya Kiselyov wrote:
> Hello!
>
>>>> Can anybody help me with that problem. For now i set it up on
>>>> external IP
>>>> and everythig is okej. But i want to have this jail on diffrent
>>>> iface that
>>>> is not an external iface and is set for example on 127.0.0.10.
>>>
>>> You should probably use a real ip for jail, not from 127.0.0.0/8.
>>>
>>
>> So there is no chance to set it up on 127.0.0.0/8 and have access to
>> internet ? I wanted to have some daemons listenig on aliased IP on lo0
>> iface. And then set up few rules on firewall to forward traffic from
>> external
>> IP to those ip on lo0 interface.
>
> In case you just want it to be on lo0, you can set up a real ip alias
> on lo0. If you need both lo0 AND 127.0.0.0/8... Well, do you _really_
> need such a configuration?
>
Changing the ip on lo0 can be break things or expose you, a lot of
sensitive stuff goes over localhost, so be very very carfeul mucking
with the ip on lo0.
--Larry
More information about the freebsd-security
mailing list