From owner-freebsd-jail@FreeBSD.ORG Tue Jan 1 22:13:04 2008
From: "Marc G. Fournier"
To: Karl Triebes, Andy Dills
Cc: Pollywog, freebsd-jail@freebsd.org, Giorgos Keramidas, Colin Percival, freebsd-questions@freebsd.org
Date: Tue, 01 Jan 2008 17:54:29 -0400
Subject: Re: Future development of Jail

You mean like:

and:

--On Monday, December 31, 2007 19:10:51 -0800 Karl Triebes wrote:

> On Dec 31, 2007 5:51 PM, Andy Dills wrote:
>
>> Not that I have a pile of money laying around I could throw at it, but the
>> thing I wish for most from FreeBSD is a more mature and robust jail
>> implementation. Specifically, the ability to implement per-jail quotas and
>> resource limitations on disk, memory, network and cpu. I'd really love a
>> separate network stack for each jail...that's critical for a plethora of
>> reasons. I'd be curious what sort of commitment (in $) that would require.
>
> I would like to see per-jail quotas such as the ones Andy mentions,
> and would like to hear if anyone would be interested in doing it for
> the right price. You may contact me via this list or in private.
>
> Cheers, and, a happy New Year.
>
> Karl.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

----
Marc G. Fournier        Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org                              MSN . scrappy@hub.org
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664

From owner-freebsd-jail@FreeBSD.ORG Wed Jan 2 12:10:54 2008
From: "Andrew Hotlab"
To: "Jon Passki"
Cc: FreeBSD-Jail
Date: Wed, 2 Jan 2008 13:10:53 +0100
Subject: Re: How to better update a jail host system

--------------------------------------------------
From: "Jon Passki"
Sent: Tuesday, December 25, 2007 5:48 AM
To: "Andrew Hotlab"
Cc: "FreeBSD-Jail"
Subject: Re: How to better update a jail host system

> You can re-create your binary jail setup easily from sysinstall:
>
> sysinstall _ftpPath=ftp://ftp.FreeBSD.org/pub/FreeBSD/
> nonInteractive=yes mediaSetFTP releaseName=6.2-RELEASE dists=base
> distSetCustom installRoot=/path/to/jail installCommit
>
> Then, the only thing you have to manage is packages. With a patched
> freebsd-update [2], you can even update from 6.2 to 6.3. If ezjail
> supports a binary tarball update, it would be trivial to take the
> output of the sysinstall and freebsd-update and roll one.
>

I had not ever considered using sysinstall(8) as an option to create jails:
it sounds good, especially to a sysadmin who had never had to compile
anything, like me!
As you pointed out, until ezjail(5) doesn't support that procedure I won't
likely use it in production, since the advantages that Dirk's framework
brings in managing jails are more valuable to me than the "annoyance" of
compiling from sources! :)

Andrew

From owner-freebsd-jail@FreeBSD.ORG Wed Jan 2 12:12:25 2008
From: "Andrew Hotlab"
To: "Alexander Leidinger"
Cc: FreeBSD-Jail
Date: Wed, 2 Jan 2008 13:12:24 +0100
Subject: Re: How to better update a jail host system

--------------------------------------------------
From: "Alexander Leidinger"
Sent: Sunday, December 30, 2007 12:41 AM
To: "Andrew Hotlab"
Cc: "FreeBSD-Jail"
Subject: Re: How to better update a jail host system

>> I've spent some time on the past days to find how to build a world
>> which contains only the "Binary base" and "man" distributions (as I
>> always select from the sysinstall menu options during the first server
>> setup), but I didn't find any article or man page which helped me.
>
> I don't know exactly what is in the binary and man dists, but what you
> need to do is either to just grab the new dists from an FTP server and
> extract them over the old ones, or to have a look what is installed by a
> make world what is not in those dists and have a look for WITHOUT_ knobs
> which exclude those parts from the build/install. There may be not enough
> WITHOUT_ knobs to produce those dists, as they are generated in a
> different way (make release).

Ok, thank you Alexander! But what do you think about upgrading the server on
the "installed binary distribution" basis? Perhaps it sounds good to me
because I'm coming from Windows Server experience (where it's important to
maintain only the Windows components you need, in order to reduce the attack
surface). Maintaining as few as possible binary distributions is so
important in FreeBSD too, or it helps only to grow unnecessary system
complexity?

TIA

Andrew

From owner-freebsd-jail@FreeBSD.ORG Wed Jan 2 13:17:46 2008
From: Alexander Leidinger
To: "Andrew Hotlab"
Cc: FreeBSD-Jail
Date: Wed, 2 Jan 2008 14:10:19 +0100
Subject: Re: How to better update a jail host system

Quoting "Andrew Hotlab" (Wed, 2 Jan 2008 13:12:24 +0100):

> --------------------------------------------------
> From: "Alexander Leidinger"
> Sent: Sunday, December 30, 2007 12:41 AM
> To: "Andrew Hotlab"
> Cc: "FreeBSD-Jail"
> Subject: Re: How to better update a jail host system
>
> >> I've spent some time on the past days to find how to build a world
> >> which contains only the "Binary base" and "man" distributions (as I
> >> always select from the sysinstall menu options during the first server
> >> setup), but I didn't find any article or man page which helped me.
> >
> > I don't know exactly what is in the binary and man dists, but what you
> > need to do is either to just grab the new dists from an FTP server and
> > extract them over the old ones, or to have a look what is installed by a
> > make world what is not in those dists and have a look for WITHOUT_ knobs
> > which exclude those parts from the build/install. There may be not enough
> > WITHOUT_ knobs to produce those dists, as they are generated in a
> > different way (make release).
>
> Ok, thank you Alexander! But what do you think about upgrading the server on
> the "installed binary distribution" basis? Perhaps it sounds good to me
> because I'm coming from Windows Server experience (where it's important to
> maintain only the Windows components you need, in order to reduce the attack
> surface). Maintaining as few as possible binary distributions is so
> important in FreeBSD too, or it helps only to grow unnecessary system
> complexity?

If an attacker has access to a machine, he can probably transfer all what he
wants to the system. So often it doesn't matter if you have all files or
not. If there's a problem with a SUID program in the additional stuff, you
may be more at risk at some point in time than when you only install a
limited set of stuff.

Personally I would install everything and maybe remove the SUID bit from
stuff I don't use (use a list of programs which are allowed to be SUID/SGID
and remove all SUID/SGID bits from files in this list after a search with
"find / -perm +06000 -print"). This can be scripted, and I think it is less
work to do it this way than to try to install only what is in a distribution
(but I may be biased, as I do all updates from source).

Bye,
Alexander.

--
"Ahhh! We're gonna die! Right?" -Fry "Right." -Bender "Ahhh!" -Fry
http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 3 10:51:52 2008
From: Yong Taro
To: FreeBSD-Jail
Date: Thu, 03 Jan 2008 12:27:09 +0200
Subject: web services in host and jailed systems

hello,
you can welcome another jail-user.

So far have some confusions, and need to clarify them out.

On the host system I want to have a webserver IP1:80 that expose some
static content with not {POST,CGI} support.
On the jailed system I want to have another webserver IP2:80 that expose
some blogging services that has full HTTP support.

Question: once the IP2 is on the same network card (alias to the IP1 -
if I got it right. IP1 is a real IP) how those two services
will serve the right users ? Did I missed something ?

thanks.
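
Alexander Leidinger's reply in the "How to better update a jail host system" thread above says the SUID/SGID allowlist check can be scripted; the following is an added example of one way to do that, not code from any poster. The function names and the allowlist format are assumptions, and the search uses the POSIX `-perm -4000` / `-perm -2000` tests rather than the `-perm +06000` form quoted in the message.

```sh
#!/bin/sh
# Added example (not from the thread): audit SUID/SGID files against an
# allowlist. Function names and the allowlist format are assumptions:
# one path per line, written exactly as find prints it; any other line
# (comments, blanks) simply never matches.

# list_setid ROOT
# Print every regular file under ROOT that has the setuid or setgid bit set.
# -xdev keeps find on ROOT's filesystem, so run it once per filesystem or
# jail root. Paths containing newlines are not handled.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | sort
}

# unexpected_setid ROOT ALLOWLIST
# Print the set-id files under ROOT that are not listed in ALLOWLIST.
# Refuses to run without a readable allowlist, so a missing file can never
# make every set-id binary look "unexpected".
unexpected_setid() {
    [ -r "$2" ] || { echo "allowlist not readable: $2" >&2; return 2; }
    list_setid "$1" | while IFS= read -r f; do
        # -F fixed string, -x whole line: no partial or regex matches.
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# strip_unexpected ROOT ALLOWLIST
# Clear both bits on every file reported by unexpected_setid.
strip_unexpected() {
    unexpected_setid "$1" "$2" | while IFS= read -r f; do
        chmod ug-s -- "$f" && printf 'stripped: %s\n' "$f"
    done
}

# Usage: script ROOT ALLOWLIST [strip]
# Reports by default; changes permissions only when "strip" is given.
if [ "$#" -ge 2 ]; then
    if [ "${3:-}" = "strip" ]; then
        strip_unexpected "$1" "$2"
    else
        unexpected_setid "$1" "$2"
    fi
fi
```

Run it in report mode first and review the output before passing `strip`; an update that reinstalls the base system restores the original modes, so the check has to be repeated after each update.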
From owner-freebsd-jail@FreeBSD.ORG Thu Jan 3 10:59:47 2008
From: Michel
To: FreeBSD-Jail
Date: Thu, 3 Jan 2008 11:59:44 +0100
Subject: Re: web services in host and jailed systems

On Thursday 3 January 2008, Yong Taro wrote:
> hello,
> you can welcome another jail-user.
>
> So far have some confusions, and need to clarify them out.
>
> On the host system I want to have a webserver IP1:80 that expose some
> static content with not {POST,CGI} support.
> On the jailed system I want to have another webserver IP2:80 that expose
> some blogging services that has full HTTP support.
>
> Question: once the IP2 is on the same network card (alias to the IP1 -
> if I got it right. IP1 is a real IP) how those two services
> will serve the right users ? Did I missed something ?
>
> thanks.
> _______________________________________________

Yes : from the man page

    The following frequently deployed services must have their individual
    configuration files modified to limit the application to listening to
    a specific IP address:

    To configure sshd(8), it is necessary to modify /etc/ssh/sshd_config.

    To configure sendmail(8), it is necessary to modify
    /etc/mail/sendmail.cf.

    For named(8), it is necessary to modify /etc/namedb/named.conf.

And for Apache you must have a look at httpd.conf and change
Listen 80
for
Listen IP1:80

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 3 11:19:18 2008
From: Yong Taro
To: FreeBSD-Jail
Date: Thu, 03 Jan 2008 13:19:02 +0200
Subject: Re: web(HTTP) services in host and jailed systems

Sorry, I will reformulate

I want to have the following:
"mydomain.com" and "myblog.com" will resolve to IP1.
"mydomain.com" will be served by the webserver listening on IP1:80
"myblog.com" will be served by the webserver listening on IP2:80 - which
is a jailed system.

is this possible ?

Michel wrote:
> On Thursday 3 January 2008, Yong Taro wrote:
>
>> hello,
>> you can welcome another jail-user.
>>
>> So far have some confusions, and need to clarify them out.
>>
>> On the host system I want to have a webserver IP1:80 that expose some
>> static content with not {POST,CGI} support.
>> On the jailed system I want to have another webserver IP2:80 that expose
>> some blogging services that has full HTTP support.
>>
>> Question: once the IP2 is on the same network card (alias to the IP1 -
>> if I got it right. IP1 is a real IP) how those two services
>> will serve the right users ? Did I missed something ?
>>
>> thanks.
>> _______________________________________________
>>
>
> Yes : from the man page
>
> The following frequently deployed services must have their individual
> configuration files modified to limit the application to listening to
> a specific IP address:
>
> To configure sshd(8), it is necessary to modify /etc/ssh/sshd_config.
>
> To configure sendmail(8), it is necessary to modify
> /etc/mail/sendmail.cf.
>
> For named(8), it is necessary to modify /etc/namedb/named.conf.
>
> And for Apache you must have a look at httpd.conf and change
> Listen 80
> for
> Listen IP1:80
>
>
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 3 11:53:28 2008
From: Michel
To: FreeBSD-Jail
Date: Thu, 3 Jan 2008 12:53:27 +0100
Subject: Re: web(HTTP) services in host and jailed systems

On Thursday 3 January 2008, Yong Taro wrote:
> Sorry, I will reformulate
>
> I want to have the following:
> "mydomain.com" and "myblog.com" will resolve to IP1.
> "mydomain.com" will be served by the webserver listening on IP1:80
> "myblog.com" will be served by the webserver listening on IP2:80 - which
> is a jailed system.
>
> is this possible ?
>

Use a proxy on the host to rewrite IP on a per-domain way ?
For apache the proxy directive may be used in a virtual host context (this is
for the per-domain way) ... but I never use the proxying capability of
apache !

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 3 12:11:01 2008
From: Yong Taro
To: FreeBSD-Jail
Date: Thu, 03 Jan 2008 14:10:46 +0200
Subject: Re: web(HTTP) services in host and jailed systems

Thanks.

Michel wrote:
> On Thursday 3 January 2008, Yong Taro wrote:
>
>> Sorry, I will reformulate
>>
>> I want to have the following:
>> "mydomain.com" and "myblog.com" will resolve to IP1.
>> "mydomain.com" will be served by the webserver listening on IP1:80
>> "myblog.com" will be served by the webserver listening on IP2:80 - which
>> is a jailed system.
>>
>> is this possible ?
>>
>>
>
> Use a proxy on the host to rewrite IP on a per-domain way ?
> For apache the proxy directive may be used in a virtual host context (this is
> for the per-domain way) ... but I never use the proxying capability of
> apache !
>

From owner-freebsd-jail@FreeBSD.ORG Thu Jan 3 12:17:05 2008
From: Loïc Pefferkorn
To: Yong Taro
Cc: FreeBSD-Jail
Date: Thu, 03 Jan 2008 12:50:28 +0100
Subject: Re: web(HTTP) services in host and jailed systems

Hello,

Yes it is possible using a "reverse proxy". Apache is able to do it with
its mod_proxy* modules.

Loic

Yong Taro wrote:
> Sorry, I will reformulate
>
> I want to have the following:
> "mydomain.com" and "myblog.com" will resolve to IP1.
> "mydomain.com" will be served by the webserver listening on IP1:80
> "myblog.com" will be served by the webserver listening on IP2:80 - which
> is a jailed system.
>
> is this possible ?
>
>
> Michel wrote:
>> On Thursday 3 January 2008, Yong Taro wrote:
>>
>>> hello,
>>> you can welcome another jail-user.
>>>
>>> So far have some confusions, and need to clarify them out.
>>>
>>> On the host system I want to have a webserver IP1:80 that expose some
>>> static content with not {POST,CGI} support.
>>> On the jailed system I want to have another webserver IP2:80 that expose
>>> some blogging services that has full HTTP support.
>>>
>>> Question: once the IP2 is on the same network card (alias to the IP1 -
>>> if I got it right. IP1 is a real IP) how those two services
>>> will serve the right users ? Did I missed something ?
>>>
>>> thanks.
>>>
>>
>> Yes : from the man page
>>
>> The following frequently deployed services must have their individual
>> configuration files modified to limit the application to listening to
>> a specific IP address:
>>
>> To configure sshd(8), it is necessary to modify
>> /etc/ssh/sshd_config.
>>
>> To configure sendmail(8), it is necessary to modify
>> /etc/mail/sendmail.cf.
>>
>> For named(8), it is necessary to modify /etc/namedb/named.conf.
>>
>> And for Apache you must have a look at httpd.conf and change Listen 80
>> for
>> Listen IP1:80
>>
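
The setup this thread arrives at, as an added configuration sketch that is not from any poster: the host's Apache binds only to IP1 and reverse-proxies myblog.com to the jailed server on IP2. It assumes Apache 2.4 syntax with mod_proxy and mod_proxy_http loaded; 192.0.2.10 (standing in for IP1), 192.0.2.11 (standing in for IP2) and the DocumentRoot path are placeholders.

```apache
# --- Host httpd.conf (outside the jail) ---
# Bind to IP1 only. A bare "Listen 80" binds the wildcard address and would
# also claim port 80 on the jail's alias address IP2.
Listen 192.0.2.10:80

# mydomain.com: static files only. "Options None" turns off CGI execution
# and server-side includes for this tree.
<VirtualHost 192.0.2.10:80>
    ServerName mydomain.com
    DocumentRoot "/usr/local/www/static"
    <Directory "/usr/local/www/static">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# myblog.com also resolves to IP1; the host forwards it to the jail on IP2.
<VirtualHost 192.0.2.10:80>
    ServerName myblog.com
    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off
    # Pass the original Host header so the jailed server sees "myblog.com".
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.0.2.11:80/"
    ProxyPassReverse "/" "http://192.0.2.11:80/"
</VirtualHost>

# --- Jail httpd.conf (inside the jail) ---
Listen 192.0.2.11:80
```

With this layout the jail's access log shows the host's address as the client; mod_proxy passes the original client address in the X-Forwarded-For request header. Because IP2 is an alias on the same interface, the jailed server stays directly reachable on IP2:80 unless a packet filter on the host restricts it.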