Date: Tue, 07 Aug 2018 16:13:17 -0400 From: Ernie Luzar <luzar722@gmail.com> To: Philipp Vlassakakis <freebsd-en@lists.vlassakakis.de> Cc: shamim.shahriar@gmail.com, FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: Jails - IPv4 and IPv6 Message-ID: <5B69FD5D.5090500@gmail.com> In-Reply-To: <8ACAABE6-5054-4AFC-81F1-2909F9D69EF8@lists.vlassakakis.de> References: <A7BCF1EF-7E21-4009-8C70-CA13F68B81FF@lists.vlassakakis.de> <5B6895CB.1070004@gmail.com> <8ACAABE6-5054-4AFC-81F1-2909F9D69EF8@lists.vlassakakis.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Philipp Vlassakakis wrote: >> Am 06.08.2018 um 20:21 schrieb Shamim Shahriar <shamim.shahriar@gmail.com>: > >> Hi Philipp >> >> I'm using both IPv4 and IPv6 in my vNet jails. The IPv4 gets configured via the jail.conf, while v6 is via rc.conf from inside the jail, two lines to define v6 on epair and the gw as well. If you need, u can send you the configurations later. >> >> They are quite stable, the pf on the hosts controls the access, works as expected. >> >> Regards >> > > > I would like to configure the IP addresses outside the jails, because customers may access these jails and I don't want customers to be able to simply change the IP addresses which might lead to the Jail being unreachable from the „outside“. There are many different ways to configure non-vnet jails to use IPV6 addresses. The whole purposes of jails is to contain any user of that jail to the jail. Defining ip address in the rc.conf of the jail is not the way to do it. For jail security jail.conf is where IPV6 & IPV4 addresses are assigned to the jail. As long as you don't give jail users access to the host where the jail is run on, jail users will not be able to change the jail's IP addresses and have it work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5B69FD5D.5090500>