From: V. Jones (vjones62earthlink.net)
Date: Sun Jul 13 2003 - 14:46:39 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> You don't have to have multiple IP aliases for multiple jails. Or at
> least there is no technical necessity for this (in FreeBSD 4.x, that is,
> don't kown about 5.x). If it's just about running server processes in
> their own jail (no port number conflicts) you can have all jails on the
> same IP address and do the IP filtering (if necessary at all in this
> scenario) based on port numbers.
>

Okay, I didn't realize I could run more than one jail on one ip address. I guess if I needed ssh on each jailed server I could just make sure the port number is unique.

> > Finally, I'd like to use SSL to offer secure web connections & secure
> email
> > without having to buy two certificates. Am I getting too cute if I
> accept
> > ssl connections on one ip address and use stunnel to route them to
the
> > appropriate jailed server?
>
> In case of all jails on one IP address this problem goes away, too. You
> could define a generic domain name for the SSL stuff, for instance
> 'secure.domain.tld', get a certificate for that and use it for web as
> well as email and other purposes.
>
> Uwe
>
This counfuses me - doesn't the host name have to match the certificate? Can two jails have the same host name too?

--
Valen Jones

>
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]