From: "Littlefield, Tyler"
Reply-To: tyler@tysdomain.com
To: questions@freebsd.org
Date: Wed, 17 Sep 2014 10:53:37 -0400
Subject: jails, IPS and firewalls, oh my!
Message-ID: <5419A071.2080800@tysdomain.com>

Hello all:

I asked this question a while back and was a bit unclear how exactly to word what I want, so I'll try again now that I've spent time with this. My goal is to end up with separate systems.
For example, I want to run a mailman setup on my server. Right now I already have postfix running as well as nginx in a jail and did not want to try to work around my current configuration. I wanted to set up a lists subdomain and point it at 1.2.3.4, which is assigned to my server, and just treat that as a separate system.

So, on the advice of others who know BSD a lot more than I do, I tried a few things. Mainly I assigned the IP to a jail and tried to firewall it off. The IP address, though, is still being used by em0, which means that even if I open port 80 it will point to my main server and not the jail.

I am looking for a solution where I can assign the jail an interface, assign that interface to an IP address and then just protect it through a firewall on the host system. I read about epairs, tap devices, etc., but I'm not sure exactly which would be the best solution. Any advice/examples or pointers would be awesome.

TIA,

--
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.