Date:      Thu, 18 Sep 2014 07:34:23 -0500
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: jails, IPS and firewalls, oh my!
Message-ID:  <1411043663.650970.168986121.79B70425@webmail.messagingengine.com>
In-Reply-To: <5419A071.2080800@tysdomain.com>
References:  <5419A071.2080800@tysdomain.com>



On Wed, Sep 17, 2014, at 09:53, Littlefield, Tyler wrote:
> 
> So, on the advice of others who know BSD a lot more than I do I tried a 
> few things. Mainly I assigned the IP to a jail and tried to firewall it 
> off. The IP address though still is being used by em0, which means that 
> even if I open port 80 it will point to my main server and not the jail.
> 

But the process listening on port 80 is in the jail, which is really all
that matters in this scenario. It's possible for you to assign an IP to
the jail and have zero services outside the jail listening on that IP.
This should cover your concerns as well. If you really want an
"interface" that is only assigned to the jail you'll have to look at
using VNET jails. Failing that, perhaps run a full FreeBSD bhyve VM
instead?
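
Added example, not part of the original message: a check for host-side listeners that would still answer on the jail's IP. In a non-VNET jail the address is an alias on the host interface (em0 in this thread), so a host socket bound to the wildcard address accepts connections to it too. The function names, sample lines and documentation-range addresses are constructed; the input is assumed to be `sockstat -4 -l` output restricted to non-jailed processes.

```shell
#!/bin/sh
# Constructed sample in `sockstat -4 -l` column layout, host (non-jailed)
# processes only. Assumption: on a real host this would come from something
# like `sockstat -4 -l -j 0`. 192.0.2.10 stands in for the jail's IP.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       712   3  tcp4   *:22                  *:*
root     syslogd    540   7  udp4   198.51.100.5:514      *:*
www      httpd      901   4  tcp4   192.0.2.10:80         *:*
root     sendmail   650   4  tcp4   127.0.0.1:25          *:*'

# host_listeners_on_ip JAIL_IP  (hypothetical helper)
# Reads sockstat-style lines on stdin and prints "command pid proto local"
# for every host socket bound to JAIL_IP or to the wildcard address "*".
host_listeners_on_ip() {
    awk -v ip="$1" '
        $1 == "USER" { next }                 # skip the header line
        NF >= 6 {
            laddr = $6
            n = split(laddr, parts, ":")      # last part is the port
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (addr == "*" || addr == ip)
                print $2, $3, $5, laddr
        }'
}

# count_host_listeners JAIL_IP  (hypothetical helper)
# Number of host sockets reachable via the jail IP; 0 means the IP is
# served only from inside the jail.
count_host_listeners() {
    host_listeners_on_ip "$1" | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | host_listeners_on_ip 192.0.2.10
```

Each line printed is a host service to rebind to a specific host address (or stop) before the jail IP can be said to have zero listeners outside the jail.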


