Jails and loopback interfaces
No at SPAM at mgEDV.net
nospam at mgedv.net
Thu May 4 13:36:02 UTC 2006
> I recently did something like this. I have a webserver in a jail that
> needs to talk to a database, and the webserver is the only thing that
> should talk to the database.
> My solution was to use 2 jails: one for the webserver, and another for the
> database.
> Jail 1:
> * runs webserver
> * binds to real interface with real, routable IP
> Jail 2:
> * runs database server
> * binds to loopback interface, isn't directly reachable
> from outside the box
just to clarify that for me: you did set up this layout or you
tried to set this up? as i read it, i understand that you did!
i tried exactly the same but currently jails are bound to the specific
ip-address assigned with them so i wonder, how the webserver on a real
ip-address can communicate with the database bound to the loopback ip?
if you could kindly tell, how you solved this issue (we're using 6.1).
More information about the freebsd-security
mailing list