Date: Sun, 07 Aug 2016 13:20:54 -0400 From: Ernie Luzar <luzar722@gmail.com> To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org Subject: Re: Firewalling jails and lo0 Message-ID: <57A76DF6.6090905@gmail.com> In-Reply-To: <20160807152347.GA9178@len-t420.klaas> References: <20160806155411.GA5289@len-t420.klaas> <3C1C4822-17C2-42D9-A9BE-C3549B9B6F25@lists.zabbadoz.net> <20160807082651.GA87754@box-hlm-03.niklaas.eu> <57A743A8.10005@gmail.com> <20160807152347.GA9178@len-t420.klaas>
next in thread | previous in thread | raw e-mail | index | archive | help
Niklaas Baudet von Gersdorff wrote: > Ernie Luzar [2016-08-07 10:20 -0400] : > >> I believe the loopback interface lo1 needs 127.0.0.0/8 ip address to enable >> loopback functionally, and the ip address has to be a different sub-net. IE >> 127.0.10.1 for lo1 while the hosts lo0 uses 127.0.0.1 > > Aha. So once I assigned those traffic from/to jails should go > through lo1 solely? > > Niklaas YES. I am still missing info on your jail.conf. Post the jail.conf file for the jails in question. Also what services are running on the host that you want to communicate with the smtp jail. You have to change the smtp config file to tell it to use the new lo1:127.0.10.2 ip address and you have to do the same thing for what ever host service will communicate with the smtp jail. They all have to be using the same lo1:127.0.10.2 ip. Most admin just keep those types of services on the host because its just easier.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57A76DF6.6090905>