Problems with network in jail

Oliver Fromme olli at lurza.secnetix.de
Thu Jan 8 05:53:23 PST 2009


Spil Oss <spil.oss at googlemail.com> wrote:
 > Thanks a lot! Will read up on that. (luckily I do speak
 > German/Swiss-German). From discussions on ##FreeBSD IRC I learned that
 > it is not recommended to use lo0 for jails!

Why would that be not recommended?

In fact I think it is a very good idea to use lo0 addresses
for jails, for security reasons, because they're guaranteed
to not leave your local system.  Therefore you have full
control of what the process within the jail can do.

If you want to grant specific network access to a jail
(incoming or outgoing, or both), you add appropriate "fwd"
rules to IPFW.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"That's what I love about GUIs: They make simple tasks easier,
and complex tasks impossible."
        -- John William Chambless
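
An added example, not part of the original message: since a jail on an lo0 address is reachable only through explicit "fwd" rules, the ruleset itself is the record of which jails have been granted network access, and it can be audited against an allow-list. The rule numbers, addresses, ports and function names below are constructed for illustration; the sample text assumes the usual `ipfw list` output layout.

```shell
#!/bin/sh
# Constructed sample of `ipfw list` output (assumption, not from the post).
sample_rules() {
cat <<'EOF'
00100 allow ip from any to any via lo0
01000 fwd 127.0.0.2,80 tcp from any to me dst-port 80 in
01100 fwd 127.0.0.3,25 tcp from any to me dst-port 25 in
01200 fwd 192.0.2.10,8080 tcp from any to me dst-port 8080 in
65535 deny ip from any to any
EOF
}

# Read a ruleset on stdin and print "rule address port" for every fwd rule
# whose target is a loopback (127/8) address, i.e. an lo0 jail.
audit_fwd() {
    awk '$2 == "fwd" {
        n = split($3, t, ",")
        if (t[1] ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/)
            printf "%s %s %s\n", $1, t[1], (n > 1 ? t[2] : "any")
    }'
}

# $1 is a space-separated allow-list of "address:port" pairs that are meant
# to be reachable. Prints one line per forwarded jail address not on it.
check_exposure() {
    allowed="$1"
    audit_fwd | while read -r rule addr port; do
        case " $allowed " in
            *" $addr:$port "*) ;;
            *) echo "unexpected: rule $rule exposes $addr port $port" ;;
        esac
    done
}

# Stand-alone run on the constructed sample; on a live host the input
# would be `ipfw list` instead of sample_rules.
sample_rules | check_exposure "127.0.0.2:80"
```

The fwd rule pointing at 192.0.2.10 is skipped because it does not target a loopback jail address.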


More information about the freebsd-stable mailing list