jails, ipfilter & stunnel
V. Jones
vjones62 at earthlink.net
Sun Jul 13 09:49:15 PDT 2003
> You don't have to have multiple IP aliases for multiple jails. Or at
> least there is no technical necessity for this (in FreeBSD 4.x, that is,
> don't kown about 5.x). If it's just about running server processes in
> their own jail (no port number conflicts) you can have all jails on the
> same IP address and do the IP filtering (if necessary at all in this
> scenario) based on port numbers.
>
Okay, I didn't realize I could run more than one jail on one ip address. I guess if I needed ssh on each jailed server I could just make sure the port number is unique.
> > Finally, I'd like to use SSL to offer secure web connections & secure
> email
> > without having to buy two certificates. Am I getting too cute if I
> accept
> > ssl connections on one ip address and use stunnel to route them to
the
> > appropriate jailed server?
>
> In case of all jails on one IP address this problem goes away, too. You
> could define a generic domain name for the SSL stuff, for instance
> 'secure.domain.tld', get a certificate for that and use it for web as
> well as email and other purposes.
>
> Uwe
>
This counfuses me - doesn't the host name have to match the certificate? Can two jails have the same host name too?
--
Valen Jones
>
More information about the freebsd-security
mailing list