RE: Jails and loopback interfaces

Board: FB_security, Posted: 2006/05/04 23:33, Thread: message 2 of 6
--- "No@SPAM@mgEDV.net" <nospam@mgedv.net> wrote:
> this part i definitely don't get. let's assume this one:
>
> 192.168.10.1 = jail ip of the ws
> 127.0.0.1 = jail ip of the db
> sending to 127.0.0.1 is not possible on 192.168.134.1 (kernel
> re-routes it to 192.168.134.1 if man jail is correct)
> if i setup forwarding rules i'd have to setup something for
> the real ip's port, no?
>

What do u mean with "real ip"? I assume u mean something that does not start with 127... Then u could give ur jails IPs that start with 10... (e.g. 10.2.2.2)

> and, i assumed that the setup mentioned can live without additional
> firewall rules.
>

Isn't the overhead caused by pf or ipfw negligible? I just did a test with and without ipfw and found that the minimum ping time without ipfw was 0.987sec and with 1.024sec, which possibly was caused by powerd, which throttled the CPU...

I say, maybe u want to do some funny experiments to find it out?

-Arne

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
Article code (AID): #14MXxC00 (FB_security)