loopback in jail
Nikos Vassiliadis
nvass9573 at gmx.com
Thu Nov 11 09:06:08 UTC 2010
> Hi,
>
> I have a problem with binding a port to localhost inside of a jail (ezjail).
>
> instead of this:
> vscan perl 51376 5 tcp4 194.xxx.yyy.22:10024
>
> I need this:
> vscan perl 51376 5 tcp4 127.0.0.1:10024
>
> Is it possible to bind anything inside a jail to 127.0.0.1?
Yes, if the jail has rights to the 127.0.0.1 address.
> raidmadi# jail -c persist ip4.addr=127.0.0.1
> raidmadi# jls
>    JID  IP Address      Hostname        Path
>      1  -               nik             /jails/nik
>      2  -               test            /
>      3  -               testo           /
>      4  -               isudhfius       /jails/nik
>      5  -                               /
>      8  127.0.0.1                       /
> raidmadi# jexec 8 csh
> # nc -l 8888 &
> [1] 38411
> # sockstat -4
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     nc         38411 3  tcp4   127.0.0.1:8888        *:*
Is this a multi-IP jail? The case is slightly different with multi-IP
jails. From jail(8):
    ip4.addr
        A comma-separated list of IPv4 addresses assigned to the prison.
        If this is set, the jail is restricted to using only these
        address. Any attempts to use other addresses fail, and attempts
        to use wildcard addresses silently use the jailed address
        instead. For IPv4 the first address given will be kept used as
        the source address in case source address selection on unbound
        sockets cannot find a better match. It is only possible to start
        multiple jails with the same IP address, if none of the jails has
        more than this single overlapping IP address assigned to itself.
HTH, Nikos
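
The check done above with nc and sockstat can be scripted. The following is an added example, not part of the original post: it binds a TCP listener to each requested address and reports the local address the kernel actually assigned, which is the value sockstat -4 would list. The names probe_bind and classify are this example's own; run it inside the jail (for instance through jexec) and pass the jail's ip4.addr entries as arguments.

```python
#!/usr/bin/env python3
"""Report which local address the kernel really assigns to a listening socket."""
import errno
import socket
import sys


def classify(requested, bound):
    """Compare the address a daemon asked for with the one it got."""
    if bound is None:
        return "refused"
    return "as-requested" if bound == requested else "rewritten"


def probe_bind(addr, port=0):
    """Bind a TCP socket to addr:port (port 0 = any free port) and report
    the local address from getsockname(), i.e. what sockstat -4 would show."""
    result = {"requested": addr, "bound": None, "error": None}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, port))
            s.listen(1)
            result["bound"] = s.getsockname()[0]
        except OSError as exc:
            # Symbolic errno name, e.g. EADDRNOTAVAIL for a non-local address.
            result["error"] = errno.errorcode.get(exc.errno, str(exc.errno))
    result["verdict"] = classify(addr, result["bound"])
    return result


def main(argv):
    # Defaults: loopback and the wildcard. Pass the jail's ip4.addr entries
    # as arguments to check those as well.
    targets = argv[1:] or ["127.0.0.1", "0.0.0.0"]
    for addr in targets:
        r = probe_bind(addr)
        note = " (%s)" % r["error"] if r["error"] else ""
        print("%-15s -> %-15s %s%s"
              % (r["requested"], r["bound"] or "-", r["verdict"], note))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A "rewritten" verdict for 0.0.0.0 corresponds to the session above, where nc -l 8888 asked for the wildcard and sockstat listed 127.0.0.1:8888; a "rewritten" verdict for 127.0.0.1 corresponds to the listener in the question showing up on 194.xxx.yyy.22.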