Date: Sat, 12 Jul 2003 18:43:26 -0700 (PDT) From: "V. Jones" <vjones62@earthlink.net> To: freebsd-security@freebsd.org Subject: jails, ipfilter & stunnel Message-ID: <3083978.1058049961635.JavaMail.nobody@scooter.psp.pas.earthlink.net>
next in thread | raw e-mail | index | archive | help
I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another jailed server will run mail services (pop, smtp, imap). If I want to allow users to use web based email(over ssl of course), the web server will have to communicate with the mail server. Is there a chance of "information leakage" in this type of setup? Finally, I'd like to use SSL to offer secure web connections & secure email without having to buy two certificates. Am I getting too cute if I accept ssl connections on one ip address and use stunnel to route them to the appropriate jailed server?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3083978.1058049961635.JavaMail.nobody>