Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 1999-q3

FreeBSD Security Archives: Re: Should jail treat ip-number?

Re: Should jail treat ip-number?

Yoshinobu Inoue (shinnd.net.fujitsu.co.jp)
Wed, 10 Nov 1999 02:28:52 +0900

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Poul-Henning Kamp: "Re: Should jail treat ip-number?"
Previous message: A.LeidingerWJPServer.CS.Uni-SB.de: "Re: How to secure local nntp server?"
In reply to: Francisco Reyes: "How to secure local nntp server?"
Next in thread: Poul-Henning Kamp: "Re: Should jail treat ip-number?"
Next in thread: sthaugnethelp.no: "Re: Should jail treat ip-number?"
Reply: Poul-Henning Kamp: "Re: Should jail treat ip-number?"
Reply: Daniel C. Sobral: "Re: Should jail treat ip-number?"

> >> I agree, *IF* IPv6 ever becomes a reality, we will look at this.

Actually I just started to import KAME into freebsd-current,
and found jail code in kernel pcb part.

> >If we want
> >people to even think of moving to IPv6 we will have to make as much
> >of FreeBSD's functionality work on there as possible.

Just from same reason, I would like to make IPv6 available
also for jail functionality.

> I personally do not see IPv6 as being desirable at this time.
>
> It suffers from second systems syndrome and doesn't provide any
> benefit for the end-user so there is no incentive for users to
> upgrade.

But there is also some people like me who think IPv6 give
several benefit for the end-user that IPv4 can't give.

Then do you think even such people should not update jail to
support IPv6?

> >:>(2)What is the goal of the restriction?
> >
> >:To isolate people in the jail from the "real" machine and from
> >:other jails.
> >
> 1. All tcp/ip forced to use a particular IP#. This allows you to have
> several inetd/sendmail/apache running, one per jail.

My imagination was poor, and thanks for your explanation.
Now I have a new concern and comment.

(1)It seems to me that once an IP# is specified for a jail,
then that IP# should not be re-specified for another jail.
Is this true?

(2)If (1) is true, then number of jail is restricted to the
   number of IP address assigned to that machine.
   Then IPv6 support for jail should be very good thing,
   because extremely many IP addresses become available for
   a machine with IPv6. (which is not with IPv4)

Yoshinobu Inoue

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Poul-Henning Kamp: "Re: Should jail treat ip-number?"
Previous message: A.LeidingerWJPServer.CS.Uni-SB.de: "Re: How to secure local nntp server?"
In reply to: Francisco Reyes: "How to secure local nntp server?"
Next in thread: Poul-Henning Kamp: "Re: Should jail treat ip-number?"
Next in thread: sthaugnethelp.no: "Re: Should jail treat ip-number?"
Reply: Poul-Henning Kamp: "Re: Should jail treat ip-number?"
Reply: Daniel C. Sobral: "Re: Should jail treat ip-number?"

This archive was generated by hypermail 2.0b3 on Tue Nov 09 1999 - 11:29:27 CST