Re: jail addresses and default bindings



On Sat, 16 Dec 2006, Gergely CZUCZY wrote:

> Hi,
>
> whenever I try to connect to a port of a jail from the
> host system, the kernel automatically assigns the
> jail's IP address as the source address to the socket.
>
> I'd assume that this is not a so welcomed behaviour, because

it is because that's the way it always works with inet socket
communication. Connect to the loopback address and the source address
will be the loopback address; connect to any of the other "host
addresses" and the source will be the same address (unless told
to be a different one; see further down).

> this way it's hard to distinguish in a packet filter (let's say pf),
> among connections originating from within the jail itself or
> from the host system to the jail.

I won't ask why you would want to do that if you control it
from the "host" system anyway...

> my question is, is there any work in progress around this?
> if it's going to be reviewed/fixed/etc, when is it going to
> happen, and into which stable/release branch is it planned?

No. If you want that, make sure your connections come from the
"host system": bind to the IP of the "host system" (or one of
them). telnet -s, BindAddress of ssh, ... are your friends.

--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
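
The behaviour discussed in this thread, as an added example that is not part of the original message: a client that does not bind() gets the destination's own address as its source when the destination is local, while an explicit bind() before connect() (what telnet -s and ssh's BindAddress do) fixes the source so a packet filter can tell the two cases apart. The addresses are assumptions: 127.0.0.1 stands in for the jail's IP and 127.0.0.2 for a host address; 127.0.0.2 is usable as-is on Linux, while on FreeBSD it would first have to be configured as an alias on lo0.

```python
import socket

JAIL_ADDR = "127.0.0.1"   # assumption: stand-in for the jail's IP address
HOST_ADDR = "127.0.0.2"   # assumption: stand-in for one of the host's own IPs


def source_seen_by_listener(listen_addr, bind_addr=None):
    """Connect to a listener on listen_addr and return the source IP it sees.

    bind_addr=None lets the kernel choose the source address;
    otherwise the client socket is bound to bind_addr before connect().
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((listen_addr, 0))          # port 0: kernel picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]

        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            if bind_addr is not None:
                # Explicit source address, ephemeral source port.
                cli.bind((bind_addr, 0))
            cli.connect((listen_addr, port))

            conn, peer = srv.accept()       # peer is (source_ip, source_port)
            conn.close()
            return peer[0]


if __name__ == "__main__":
    # Unbound client: source equals the local destination address, so the
    # connection is indistinguishable from one made inside the jail.
    print("kernel-chosen source:", source_seen_by_listener(JAIL_ADDR))
    # Bound client: the listener (and a packet filter) sees the host address.
    print("explicitly bound    :", source_seen_by_listener(JAIL_ADDR, HOST_ADDR))
```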


