Date:      Mon, 5 Nov 2001 12:04:28 -0800
From:      Daniel Brown <djb@unixan.com>
To:        "alexus" <ml@db.nexgen.com>
Cc:        domas.mituzas@delfi.lt, cjclark@alum.mit.edu, freebsd-security@FreeBSD.ORG
Subject:   Re: jail
Message-ID:  <20011105120428.5cad1f50.djb@unixan.com>
In-Reply-To: <019601c1661f$d441dcb0$0d00a8c0@alexus>
References:  <20011105095522.B42590-100000@axis.tdd.lt> <019601c1661f$d441dcb0$0d00a8c0@alexus>

192.168.x.x and 10.x.x.x IP ranges are non-routable (publicly
accessible), and unless you own the 172.16-19.x.x range, neither is it. 
In these cases you do need to use NAT.

However, most uses for Jail are for binding a prison to a publicly
accessible IP address, which means no NAT is necessary.

If you only have one publicly available IP address and you do not intend
them to accept incoming connections, perhaps you should consider binding
your prisons to that IP address instead of the private non-routable IPs.
You can run Jail multiple times with the same IP address,
including the primary IP of your machine.

This assumes, of course, that the machine these prisons exist on has a
publicly available IP.  If it exists entirely on a private network, you
should turn on NAT on your router/firewall.

      -Daniel

------------ Quoted Message ------------
Date...: Mon, 5 Nov 2001 12:32:23 -0500
From...: "alexus" <ml@db.nexgen.com>
To.....: "Domas Mituzas" <domas.mituzas@delfi.lt>
CC.....: 
Subject: Re: jail

jail ip is set one of those private ip address like 172.16-19.0.0
192.168.0.0 10.0.0.0

and i have no rules on my firewall

----- Original Message -----
From: "Domas Mituzas" <domas.mituzas@delfi.lt>
To: "alexus" <ml@db.nexgen.com>
Cc: <cjclark@alum.mit.edu>; <freebsd-security@FreeBSD.ORG>
Sent: Monday, November 05, 2001 2:56 AM
Subject: Re: jail


> Hi there,
>
> > i mean they can't go outside of jail to evil internet:] they can't browse
> > they can't telnet/ssh outside they can't use irc nothing
>
> That depends on which jail IP address you specified, what firewall rules
> you have on that box. Jail is a synonym for fine-tuning userland's
> environment.
>
>
> --
> Regards,
> Domas
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


