similar to: Jails and loopback interfaces


2006 Mar 07
3
Jails and loopback interfaces
Hi, Running: FreeBSD 6.0 I am wondering if it is possible to have access to loopback IP in a jail. I currently have a server running a jail. In the jail, there is a database and a web server. I would like to be able to have the database only bind on a loopback address and not on the jail's IP. Can this be done and how? Thanks -Cyril
2009 Jan 08
2
Problems with network in jail
Hi all, Is it mandatory to add device mem to jails to enable network via the gateway? Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server) and am now starting again with FreeBSD-7.1. Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails on 7.0). After creating the jail with `ezjail-admin update -i` I created a 'ports build' jail `ezjail-admin
2006 Sep 07
3
comments on handbook chapter
``You do not want to overbuild your security or you will interfere with the detection side, and detection is one of the single most important aspects of any security mechanism. For example, it makes little sense to set the schg flag (see chflags(1)) on every system binary because while this may temporarily protect the binaries, it prevents an attacker who has broken in from making an easily
2008 Oct 28
3
7.x and multiple IPs in jails
Hello all, I've been searching around and have come up with no current discussions on this issue. I'll keep it brief: In 7.0 or 7.1 is there any provision to have multiple IP addresses in a jail? I'm stumped on this, as I just started a new hosting project that needs a few jails. At least one of those requires multiple IPs, which is something I never really even realized was
2003 Dec 19
6
Configuring JAIL to bind on lo0 interface
Hello, I have configured jail for users with sshd ftpd and auth. I started this jail on IP 127.0.0.10 (there is an alias on lo0 interface), there was not any bigger problem to start it. But I have a problem with internet in this jail. I can log in to this jail through ssh or ftpd but I can't connect to the internet. I try to set up some kind of nat but it doesn't work. Can anybody help me
2003 Sep 10
2
jail + postgresql + System V IPC
Hi everyone, I have recently installed a jail environment on my FreeBSD box, and had some problems getting postgresql running under it. After looking a bit on various mailing lists I figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not
2006 Jul 18
7
Port scan from Apache?
Hi everyone, today I got an e-mail from a company claiming that my server is doing port scans on their firewall machine. I found that hard to believe so I started checking the box. The company rep told me that the scan was originating at port 80 with destination port 8254 on their machine. I couldn't find any hints as to why that computer was subject to the alleged port scans. Searching
2006 Apr 20
1
Script to strip chroot passwd file
Hello BSDers, I'm running Apache in a chroot jail with suPHP. It needs an /etc/passwd in the chroot so that suPHP can setuid to the owner of the PHP script, but there's nothing that requires the passwords to be valid. Does anyone have a script that strips passwords out of master.passwd, sets all shells to nologin, etc and writes it to the chroot etc dir? I've looked around but
2013 Feb 04
2
re(4) problems with GA-H77N-WIFI
Hello, I need some advice how to debug this issue ... Recently I got a new mainboard for a router, it's a Gigabyte GA-H77N-WIFI with two onboard re(4) NICs. The problem is that re0 works fine and re1 doesn't: It doesn't receive any packets. Tcpdump displays all outgoing packets, but no incoming ones on re1. Ifconfig shows the link correctly (100 or 1000 Mbit, depending on where I
2007 Jan 13
3
Permission denied by op
I am invoking op from a Python proggy which does an op.system() of op chmod 640 /usr/local/etc/tac_plus.conf I get "Permission denied by op" % ls -l /usr/local/etc/op.access -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access % cat /usr/local/etc/op.access # 2007.01.13 # #DEFAULT users=src # chown /usr/sbin/chown $* ; users=src chmod /bin/chmod $* ; users=src
2008 Sep 17
1
ACPI "blacklist" question
Hello, I have recently updated a machine to 7-stable. ACPI doesn't seem to work correctly on this machine. With earlier versions of FreeBSD (including the latest RELENG_6), I got this line in dmesg: ACPI disabled by blacklist. Contact your BIOS vendor. And everything was fine. The box runs perfectly well with ACPI disabled. (I can't get a BIOS update because the mainboard is too
2008 Oct 17
1
"mount -u -o ro" problems with 7-stable
Hi, This happened to me repeatedly (but not always), even after updating to the latest RELENG_7 yesterday ... 1. Boot into single user mode 2. fsck / # finishes successful! 3. mount -u / 4. Do a few edits to files in /etc 5. mount -u -o ro / softdep_waitidle: Failed to flush worklist for 0xc1f36b30 mount: /dev/ad0s1a : Device busy I can't remount the root file system read-only, so
2005 Aug 26
1
Filtering jail IP traffic
Hi, IP traffic from one jail to another jail arrives on the destination jail on lo0 having the destination jail's IP as source IP. Why not the source jail's IP address? How can I filter traffic from one jail to another, using ipfw or ipf? Cheers, -- Anders.
2006 Mar 15
2
swap at beginning of slice - danger?
Hello freebsd-stable, I have 5.5-PRERELEASE server in production, booting from ad0s1: # BLOCKSIZE=512 swapinfo Device 512-blocks Used Avail Capacity /dev/ad0s1b 2097152 52872 2044280 3% /dev/ad1s1b 2097152 51952 2045200 2% Total 4194304 104824 4089480 2% # bsdlabel ad0s1 | fgrep b: b: 2097152 0 swap
2003 Aug 05
6
Problems with JAIL in 4.8R
Hi, I've set the outside IP for the jail. It works. When I try to ssh to the jailed system from the main system (in which the jail is created) the connection is successful, but when I try to connect to the jailed system from anywhere else I get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?
2005 Sep 24
1
Encrypt some services with ipsec
Hi all, I have two production servers with FreeBSD 5.4 (all security patches are applied). They are running some services like dns, ssh, http, ftp, etc. But I would like to encrypt some services for some hosts with ipsec when they are accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny
2004 Aug 26
2
ipfw core dump
Hi, This is the first time I've come across this: pid 11415 (ipfw), uid 0: exited on signal 11 (core dumped) The core dump landed in root's home directory in one of my jails. Has anyone seen this before? Should I be concerned? chkrootkit says nothing. (How trustworthy is its output? ;-) Thanks. Cheers. -- Ng Pheng Siong <ngps@netmemetic.com> http://firewall.rulemaker.net
2003 May 11
1
No subject
Hi all! Short question: could anyone point me to documents regarding topics: jails! & nat & (ipfw|ip tables) - I'm in process to build a new system... Planned layout: NET---router/nat-----gateway:freebsd5.x/nat--------inner net | | | | | L- apache/php (lo_alias1) | L------ mail server (lo_alias2)
2005 Nov 16
11
Need urgent help regarding security
Good Day! I think we have a serious problem. One of our old servers running FreeBSD 4.9 has been compromised and is now connected to an ircd server. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do. Most of our servers are running legacy operating systems (old
2013 Feb 01
1
stable/9: Force ada1 to UDMA-33
Hello, I've got a (P)ATA disk in a special frame. The disk itself supports UDMA-100 (and has an 80-ribbon cable), but the frame isn't compatible with that. By default, FreeBSD negotiates UDMA-100, and the console starts to fill with ICRC errors. In the past, I used a patch to ata-all.c that enabled the following entry in loader.conf to force the disk to UDMA-33, so it worked fine: