Date: Tue, 4 Feb 2020 15:39:11 +0100 From: "Patrick M. Hausen" <hausen@punkt.de> To: freebsd-net@freebsd.org Subject: IP_BINDANY in a jail? Message-ID: <EED40026-F6C4-4D6C-AA2C-67D2BDEC800D@punkt.de>
next in thread | raw e-mail | index | archive | help
Hi all, is it possible to allow processes in a jail to bind a socket to an IP address not present in the jail (IP_BINDANY)? I'm experimenting with transparent proxying using this feature and ipfw "fwd" rules. Outside of a jail this works as documented, inside a VNET jail the proxy process logs: sslh-fork: setsockopt IP_BINDANY:1:Operation not permitted Thanks, Patrick --=20 punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de info@punkt.de AG Mannheim 108285 Gesch=C3=A4ftsf=C3=BChrer: J=C3=BCrgen Egeling, Daniel Lienert, Fabian = Stein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EED40026-F6C4-4D6C-AA2C-67D2BDEC800D>