Message-ID: <3083978.1058049961635.JavaMail.nobody@scooter.psp.pas.earthlink.net>
Date: Sat, 12 Jul 2003 18:43:26 -0700 (PDT)
From: "V. Jones"
To: freebsd-security@freebsd.org
Subject: jails, ipfilter & stunnel

I'm setting up a server where I plan to use Jails to improve security. I also have installed and am configuring ipfilter. Here are my questions:

Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses (e.g., allow only incoming to port 80 on the jail running apache). Another jailed server will run mail services (pop, smtp, imap). If I want to allow users to use web based email (over ssl of course), the web server will have to communicate with the mail server.
Is there a chance of "information leakage" in this type of setup?

Finally, I'd like to use SSL to offer secure web connections & secure email without having to buy two certificates. Am I getting too cute if I accept ssl connections on one ip address and use stunnel to route them to the appropriate jailed server?
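
The per-alias filtering described in the message could look like the ipf.conf sketch below. This is an added example, not part of the original post; the interface name fxp0 and the 192.0.2.x addresses are placeholders, and the lo0 rules assume that traffic between two aliases on the same host is delivered over the loopback interface.

```conf
# Constructed example for illustration; not from the original post.
# Placeholders (assumptions):
#   fxp0        external network interface
#   192.0.2.10  alias bound to the jail running apache
#   192.0.2.20  alias bound to the jail running mail services

# Default deny for anything arriving from the network; log the drops.
# ipf uses the last matching rule unless a rule says "quick".
block in log on fxp0 all

# Web jail: only new inbound TCP connections to port 80.
pass in quick on fxp0 proto tcp from any to 192.0.2.10/32 port = 80 flags S keep state

# Mail jail: smtp, pop and imap only.
pass in quick on fxp0 proto tcp from any to 192.0.2.20/32 port = 25 flags S keep state
pass in quick on fxp0 proto tcp from any to 192.0.2.20/32 port = 110 flags S keep state
pass in quick on fxp0 proto tcp from any to 192.0.2.20/32 port = 143 flags S keep state

# Jail-to-jail traffic (assumed to cross lo0, see lead-in).
# The webmail front end in the web jail may open imap and smtp
# connections to the mail jail; "keep state" lets the replies back.
pass in quick on lo0 proto tcp from 192.0.2.10/32 to 192.0.2.20/32 port = 143 flags S keep state
pass in quick on lo0 proto tcp from 192.0.2.10/32 to 192.0.2.20/32 port = 25 flags S keep state

# Everything else between the two jails is dropped and logged, so a
# compromise of one jail does not give open access to the other.
block in log quick on lo0 from 192.0.2.10/32 to 192.0.2.20/32
block in log quick on lo0 from 192.0.2.20/32 to 192.0.2.10/32
```

After loading the rules, the per-rule hit counts from `ipfstat -hio` show whether the jail-to-jail rules are actually matching on lo0.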