Allow jail to see source IP of incoming traffic

Allan Jude allanjude at freebsd.org
Thu Aug 14 16:25:04 UTC 2014


On 2014-08-14 06:31, Beeblebrox wrote:
> I have placed mldonkey's mlnet inside a jail. The problem now is that the
> allowed_ips control feature of mlnet has effectively become disabled since
> all traffic to mlnet appears to flow from jail's IP.
> 
> mlnet's allowed_ips feature permits control of "who has permission to access
> mlnet through gui/web-server, etc."
> 
> What setting could I relax for the jail so that mlnet is able to see the
> source IP of incoming requests? I would assume that jailed web servers are
> able to see client IPs in order to do geo-filtering?
> 
> Regards.
> 
> 
> 
> -----
> FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS

Jails do see the real source IP address. Connections to localhost
(127.0.0.1) from inside the jail are rerouted to the jail's primary IP,
since the jail does not have access to the loopback adapter. This can
cause local connections to appear to be coming from the jail's IP rather
than loopback, but other than that, everyone should show the original
source IP address.

What address are you seeing the connections as coming from? Where are
they actually coming from?


-- 
Allan Jude
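
A way to check the loopback behaviour described in the reply above, as an added example that is not part of the original message: the script listens on 127.0.0.1, connects to itself, and reports which source address the listener saw and whether a source-IP allow-list would admit it. The function names, the CIDR allow-list format and the 192.0.2.10 address used for testing are assumptions made for illustration, not mlnet's own configuration syntax.

```python
import ipaddress
import socket


def probe_local_peer(host="127.0.0.1", timeout=2.0):
    """Listen on `host`, connect to it from this process, and return
    (address the listener was really bound to, peer address it saw)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(timeout)
        srv.bind((host, 0))          # port 0: let the kernel pick a free port
        srv.listen(1)
        bound_ip, port = srv.getsockname()
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(timeout)
            cli.connect((host, port))
            conn, (peer_ip, _peer_port) = srv.accept()
            conn.close()
    return bound_ip, peer_ip


def classify_local_peer(peer_ip, allowed_nets):
    """Say how a local client appears to the service and whether a
    source-IP allow-list (assumed here to be CIDR strings) admits it."""
    addr = ipaddress.ip_address(peer_ip)
    seen_as = "loopback" if addr.is_loopback else "jail-ip"
    admitted = any(addr in ipaddress.ip_network(net) for net in allowed_nets)
    return seen_as, admitted


if __name__ == "__main__":
    # Constructed sample allow-list; substitute the service's real one.
    allow = ["127.0.0.1/32"]
    bound_ip, peer_ip = probe_local_peer()
    seen_as, admitted = classify_local_peer(peer_ip, allow)
    print(f"listener bound to {bound_ip}, local client seen as {peer_ip} "
          f"({seen_as}); allow-list admits it: {admitted}")
```

Run it once on the host and once inside the jail: if the jail has no loopback address of its own, the second run reports the jail's primary IP instead of 127.0.0.1, and an allow-list that only names 127.0.0.1 no longer matches local clients.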
