similar to: Jails and multihoming

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another

I have searched around the lists and Google and found this HYPERLINK "http://people.freebsd.org/~pjd/patches/jail_2004120901.patch"http://people. freebsd.org/~pjd/patches/jail_2004120901.patch I was wondering if anyone know of a multiple IP patch that works with FreeBSD 5.4 I really do not understand why this is not included in the standard jail I mean sure jail is handy for

Specifying a source for the multipath route solved the problem. > ip rule add priority 200 table multi should be ip rule add prio 200 from $INT_NET table multi > ip route add default table multi proto static \ > nexthop via $EXB_GW dev $EXB_IF weight 1 \ > nexthop via $EXA_GW dev $EXA_IF weight 1 g

As suggested on the netfilter list, I''m posting here too: Current network layout: Internet | ----100.100.251.217---- / (router) \ Internet | | | 100.100.251.220 100.100.251.218

Hello all, I have a linux router with 2 interfaces(eth0 - ISP and eth1 - LAN). I''ve established a VPN connection(openvpn) over eth0 with a friend of mine => tun0 interface. I want half of my LAN to have Internet access through the eth0 interface and the other half through the tun0 interface. I''ve set up a script like the "load balancing split access" instructions

I am running 2.4.20 with Julian Anastasov''s patches (routes-2.4.20-9.diff), iptables v1.2.6a, iproute2-ss010824 on Debian. I have set up our internal gateway to multihome 2 T1''s as described in http://www.linuxvirtualserver.org/~julian/nano.txt . The only difference is that I use multiple IP''s on the external interfaces. EXA A.B.C.225 --------------------

https://bugzilla.samba.org/show_bug.cgi?id=2628 hmijail@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hmijail@gmail.com ------- Comment #12 from hmijail@gmail.com 2008-05-01 06:45 CST ------- Bitten here by what seems to be the same bug.

Bug or something, look at this <mother-mail>[~]# cat /etc/sysctl.conf security.jail.allow_raw_sockets=1 security.jail.set_hostname_allowed=0 <mother-mail>[~]# sysctl -a | grep jail security.jail.set_hostname_allowed: 1 <<<<< here security.jail.socket_unixiproute_only: 1 security.jail.sysvipc_allowed: 0 security.jail.enforce_statfs: 2

Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those

I'm setting up a server environment where I've got a bunch of jails running using aliased IPs on the same interface. I'd like to be able to use ipfw to place limits on the traffic between jails, but I'm running into problems. When I use tcpdump to look at TCP traffic from one jail to another, it shows both the source and destination IP for the packets as being the IP assigned to

On 10 May 2011 16:10, "Jamie Landeg Jones" <jamie@bishopston.net> wrote: > > > It used to confuzzle sysadmins on SUNos when the mount point was > > 0700. The underlying mode disapeared when the mount was made, but it > > was still being enforced. Suddenly no one but root could use say /usr > > even though it was apparently 0755 > > I remember that

On Thu, July 30, 2020 17:23, Robert Marcano wrote: > On 7/30/20 5:00 PM, James B. Byrne via samba wrote: >> FreeBSD-12.1p7 >> Samab-4.10.15 running in FreeBSD Jail >> >> >> I just wish to ensure that my conclusion respecting Samba, FreeBSD Jails, and >> NTP is correct. >> >> 1. Unless configured otherwise Windows domain clients will query and

FreeBSD-12.1p7 Samab-4.10.15 running in FreeBSD Jail I just wish to ensure that my conclusion respecting Samba, FreeBSD Jails, and NTP is correct. 1. Unless configured otherwise Windows domain clients will query and obtain their time from the samba_server DC. 2. Samba_server obtains its time from the OS, in this case a FreeBSD Jail. 3. FreeBSD Jails get their time from their host. 4. If

Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jaill -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills

I've got a server running FreeBSD 6.2 and PF. The server has a couple dozen jails on it. Previously, I had a few "private" services such as MySQL running on loopback IPs (127.0.0.2+) and the rest of the jails running on the public IPs. I have to renumber my machine with a new block of public IPs so I thought I'd be clever and move all the jails onto loopback IPs. Then

I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear dovecot developers, first: thanks for this really cool imapd, on my server it serves some hundred domains, all in all some thousand users, some having hundred thousand mails in their Maildirs (their spam boxes mostly). Since I put this installation in an FreeBSD geli encrypted disc image I had no choice but to choose an imapd with clever

Hi *, I recently triggered an error when setting up a jail-host: I configured the jail(s) like evry jail I set up in the past: On the jail-hosts /etc/rc.conf: # ---- Jail-Globals ---- jail_enable="YES" # Set to NO to disable starting of any jails jail_list="ftp mx1 relay" # Space separated list of names of jails

My firewall''s configuratione is like this: |-FW--------------------| | eth0 - LAN | | IP1_ISP1 - eth1 | | IP1_ISP2 - eth2 | |-----------------------| I have configured firewall as specified on http://lartc.org/howto/lartc.rpdb.multiple-links.html and all works ok, except for connections between my firewall and other hosts of "other" ISP. Example: I

Hi All, In a scenario, where a LAN is being provided internet connectivity through multiple ISPs terminated at a Load Balanced Multihomed Linux Router as described in LARTC HowTo, how would the traffic distribution affected if there is a squid based transparent proxy for the LAN''s web traffic on the same system (i.e. the load balanced router itself). The recent squid versions have