Date: Thu, 11 Nov 2010 09:51:05 +0100
From: "Nikos Vassiliadis" <nvass9573@gmx.com>
To: "Andrei Kolu" <antik@bsd.ee>, freebsd-jail@freebsd.org
Subject: Re: loopback in jail
Message-ID: <20101111090603.292280@gmx.com>

> Hi,
>
> I have problem with binding port to localhost inside of jail (ezjail).
>
> instead of this:
> vscan perl 51376 5 tcp4 194.xxx.yyy.22:10024
>
> I need this:
> vscan perl 51376 5 tcp4 127.0.0.1:10024
>
> Is it possible to bind anything inside jail to 127.0.0.1?

Yes, if the jail has rights to the 127.0.0.1 address.

> raidmadi# jail -c persist ip4.addr=127.0.0.1
> raidmadi# jls
>    JID  IP Address      Hostname                      Path
>      1  -               nik                           /jails/nik
>      2  -               test                          /
>      3  -               testo                         /
>      4  -               isudhfius                     /jails/nik
>      5  -                                             /
>      8  127.0.0.1                                     /
> raidmadi# jexec 8 csh
> # nc -l 8888 &
> [1] 38411
> # sockstat -4
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     nc         38411 3  tcp4   127.0.0.1:8888        *:*

Is this a multi-IP jail? The case is slightly different
with multi-IP jails. From jail(8):

     ip4.addr
             A comma-separated list of IPv4 addresses assigned to the
             prison. If this is set, the jail is restricted to using only
             these addresses. Any attempts to use other addresses fail, and
             attempts to use wildcard addresses silently use the jailed
             address instead. For IPv4 the first address given will be
             kept used as the source address in case source address
             selection on unbound sockets cannot find a better match. It
             is only possible to start multiple jails with the same IP
             address, if none of the jails has more than this single
             overlapping IP address assigned to itself.

HTH, Nikos
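
A check to run inside the jail (for example via jexec), added here as an example and not part of the original thread: it binds a TCP socket to the requested address and reports the address the kernel actually assigned, flagging the case from the question where a listener meant for 127.0.0.1 ends up on the jail's routable address. The function names and the 192.0.2.22 sample address are assumptions made for this example.

```python
import ipaddress
import socket


def probe_bind(requested, port=0):
    """Bind a TCP socket to `requested` and report the address actually used.

    port=0 lets the kernel pick a free port, so the probe does not collide
    with the service being checked.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((requested, port))
        except OSError as exc:
            # e.g. the address is not one the jail is allowed to use
            return {"requested": requested, "actual": None, "error": str(exc)}
        actual, _ = s.getsockname()
    return {"requested": requested, "actual": actual, "error": None}


def classify(result):
    """Turn a probe_bind() result into a verdict.

    refused      - bind failed
    as-requested - socket is on the address that was asked for
    exposed      - loopback was requested, a non-loopback address was used
    remapped     - any other silent substitution (e.g. wildcard -> jail IP)
    """
    if result["error"] is not None:
        return "refused"
    req = ipaddress.ip_address(result["requested"])
    act = ipaddress.ip_address(result["actual"])
    if req == act:
        return "as-requested"
    if req.is_loopback and not act.is_loopback:
        return "exposed"
    return "remapped"


if __name__ == "__main__":
    # Probe the two cases discussed in the thread: loopback and wildcard.
    for addr in ("127.0.0.1", "0.0.0.0"):
        res = probe_bind(addr)
        print(f"{addr:<10} -> {res['actual'] or res['error']}  [{classify(res)}]")
```

An "exposed" verdict means a service configured for localhost is reachable on the jail's own address and needs either 127.0.0.1 in ip4.addr, as shown above, or a packet filter rule in front of it.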