From: "No@SPAM@mgEDV.net"
Date: Mon, 8 May 2006 16:01:41 +0200
Subject: RE: Jails and loopback interfaces
Delivered-To: freebsd-security@FreeBSD.ORG
Message-ID: <000001c672a7$eedf8a10$01010101@avalon.lan>
In-Reply-To: <200605081210.k48CAtMj094360@lurza.secnetix.de>

well, i got your ideas, btw, could someone please clarify this for me:

i configured a separate interface for the jailed dns-server:

    ifconfig lo5 plumb
    ifconfig lo5 10.10.5.1 netmask 255.255.255.0 up

the nameserver listens on 10.10.5.1#55053 (everything's fine there).

although the dns-server is bound to the specific ip-address, which again is bound to a separate interface, i do not see just one packet with tcpdump on this interface. even the loopback interface lo0 does not show anything.

instead, the packets are generated from my lan-interface myk0, which has a route to the forwarder. why are the packets generated on an interface that the server is not bound to and there is no redirect for?