Date: Thu, 14 Aug 2014 12:25:45 -0400 From: Allan Jude <allanjude@freebsd.org> To: freebsd-jail@freebsd.org Subject: Re: Allow jail to see source IP of incoming traffic Message-ID: <53ECE309.5040302@freebsd.org> In-Reply-To: <1408012260325-5938163.post@n5.nabble.com> References: <1408012260325-5938163.post@n5.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --nvuknvo8rhcjRnxUPn2iRSw2n7vthfTPB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 2014-08-14 06:31, Beeblebrox wrote: > I have placed mldonkey's mlnet inside a jail. The problem now is that t= he > allowed_ips control feature of mlnet has effectively become disabled si= nce > all traffic to mlnet appears to flow from jail's IP. >=20 > mlnet's allowed_ips feature permits control of "who has permission to a= ccess > mlnet through gui/web-server, etc." >=20 > What setting could I relax for the jail so that mlnet is able to see th= e > source IP of incoming requests? I would assume that jailed web servers = are > able to see client IP's in order to do geo-filtering? >=20 > Regards. >=20 >=20 >=20 > ----- > FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS > -- > View this message in context: http://freebsd.1045724.n5.nabble.com/Allo= w-jail-to-see-source-IP-of-incoming-traffic-tp5938163.html > Sent from the freebsd-jail mailing list archive at Nabble.com. > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"= >=20 Jails do see the real source IP address. Connections to localhost (127.0.0.1) from inside the jail are rerouted to the jails primary IP, since the jail does not have access to the loopback adapter. This can cause local connections to appear to be coming from the jails IP rather than loopback, but other than that, everyone should show the original source IP address. What address are you seeing the connections as coming from? Where are they actually coming from? --=20 Allan Jude --nvuknvo8rhcjRnxUPn2iRSw2n7vthfTPB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT7OMMAAoJEJrBFpNRJZKf+xoP/joIdUYYGzVCHEWZLSZNM2qO 3bIjNO8tNc5NC1LEfLXemE39UrdJsW2PyQCZGNYFYZ4E9NopLVT0i/6hcUSX9Z6O BEsDfJWOBMjaKsj5SaTGS5VgNkSOOS+ekIDa5u86Uzs2etcJmLykO8RFhRRKsGq7 HELriFDDyeMRwMHfrxXJhmsdlS1PXuwM1aYIYxoQgaEobN5z9Jrsuea6cnwRdkE8 B/Of+eGzidOtQKhkLMrCbg5U9I2JGnWmgAC5zU08xYNhKlEdm9MQaqjNMSVTikLd UaGK+WLpbn8NFMIFBVap2SU/Xyb2/UwoX5M6MoE7GJWFqGX7vDlROebGKgNuzVmT EIJVYTmklqTz1boqmM0eG4tJNX0DXywsUMyCXpk7RSdhY/ZM1+ApnYOnQjPdsed0 9UJ2LJ21sLM3ZWTDWpy3DTIeysFDvxrizKRBmqsjFDE3qtGkEgYz9FL6MXJ2ue7/ iZ6JLSNzSNPwxCJ0ljz60malf5zXt9V2bfSEtPBE0dBvdFO4OiA19ooFem4fa+ae UPzDxl20qHQ1c9/tFvkry5b0BvFkRtSD1wsrdNRzB4Be9GcgkFC1M1wikPTvbkZa I97JWYT4G/E+FNzNyUfgiYlLfwbFvqE2Ctt4GszMN7MbZUw40CxSlkSzPlfcHq8w Q5jc8iUX6TpXpyUCdV4a =QDvm -----END PGP SIGNATURE----- --nvuknvo8rhcjRnxUPn2iRSw2n7vthfTPB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53ECE309.5040302>