Re: Jails and loopback interfaces

看板FB_security作者時間20年前 (2006/03/09 05:08), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串6/13 (看更多)
I would recommend *not* trying to use 127.0.0.1. You'll end up in a situation where things are trying to access the local machine and are getting the jail instead. Instead, I recommend schlopping another IP address, an alias, onto the loopback interface, just as you would with any other jail. Use an RFC 1918 address, and, as with all jails, use a netmask of 32 bits. On Wed, 8 Mar 2006, Axel Scheepers wrote: > On Tue, 2006-03-07 at 13:02 -0300, Ricardo A. Reis wrote: >> Hi Cyril, >> >> For access loopback inside the jail, is necessary configure in host server >> alias for loopback and start jail using loopback. >> Remember loopback address is all 127/8 ! >> > > I just recently tried jails but I thought 127.0.0.1 would be mapped to > the jails ip-address, which eventually gets mapped to the ip specified > in the parameter or rc.conf. I could be wrong though although my > test-jail setup confirms this on 6.1-PRERELEASE: > test-jail# telnet localhost 22 > Trying ::1... > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903 > > Kind regards, > > Axel Scheepers > /-------------------------------------------------------------------------/ Never worry about theory as long as the machinery does what it's supposed to do. -- R. A. Heinlein finger://bigby@ephemeron.org http://www.ephemeron.org/~bigby/ irc://irc.ephemeron.org/#the_pub /-------------------------------------------------------------------------/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 bigby. 的文章
文章代碼(AID): #143qU_00 (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 6 之 13 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共13篇)
更多 bigby. 的文章
文章代碼(AID): #143qU_00 (FB_security)