Gateway config

freebsdquestions at schatti.ch freebsdquestions at schatti.ch
Mon May 12 11:29:11 PDT 2003 

>On Sunday 11 May 2003 03:19 pm, freebsdquestions at schatti.ch wrote:
>> Hi all! 
>>
>> Short question: could anyone point me to documents regarding topics:
>> jails! & nat & (ipfw|ip tables) - I'm in process to build a new system...
>> Planned layout: 
>>
>> NET---router/nat-----gateway:freebsd5.x/nat--------inner net 
>>
>>                       |    |    L- apache/php  (lo_alias1)
>>                       |
>>                       |    L------ mail server (lo_alias2) 
>>
>>                       L----------- djbdns      (lo_alias3) 
>>
>> Any hints, do's and dont's ? what about natd/ipnat ? which is better for
>> dynamic rules ? Especially: how to manage that in conjunction with >multiple
>> jails ??
>
>Helps having a subject on these things, especially if a discussion gets 
>brewing. 
>
>I have yet to see any really good articles on the web concerning Jail >setups.  
>The AbsoluteBSD book has a really sweet walk through in getting jails up >and 
>running.  Not much information on how to get your jails updated though, >which 
>I had hoped to research a little bit further. 
>
>I did happen upon the following doing a quick Googling about... 
>
>FreeBSD Jail Software and Docs
>http://memberwebs.com/nielsen/freebsd/jails/> 
>
>FreeBSD Jail Scripts
>http://jailnotes.cg.nu/zcripts 
>
>And the really well written man page...
>man 8 jail 
>
>I too would be curious to see anything additional that you might find on >the 
>subject.  The basic concepts are reasonable enough, but there are a few 
>devilish details I'd like to see more of. 
>
>One item that I'm kind of curious about, and betting others might be as >well.  
>What do you mean by "dynamic rules"?  Dynamic in what sense?  Dynamic as in 
>stateful firewall, or IP, or what?
 

Also, I'd like to see examples of devfs-configurations, and how they are 
stored/restored.. 

Dynamic: In sense of 'stateful firewall'; where to put the rules:before or 
after nat ? 

If anyone has some sort of scripts for jails, devfs - feel free to send me 
those. thx 

Slim

More information about the freebsd-security mailing list