|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Jails and loopback interfaces
From: R. B. Riddick (arne_woerner
yahoo.com)
Date: Thu May 04 2006 - 10:27:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--- "NoSPAMmgEDV.net" <nospammgedv.net> wrote:
> this part i definitely don't get. let's assume this one:
>
> 192.168.10.1 = jail ip of the ws
> 127.0.0.1 = jail ip of the db
> sending to 127.0.0.1 is not possible on 192.168.134.1 (kernel
> re-routes it to 192.168.134.1 if man jail is correct)
> if i setup forwarding rules i'd have to setup something for
> the real ip's port, no?
>
What do u mean with "real ip"? I assume u mean, something that does not start
with 127...
Then u could give ur jails IPs, that start with 10... (e. g. 10.2.2.2)
> and, i assumed that the setup mentioned can live without additional
> firewall rules.
>
Isn't the overhead caused by pf or ipfw neglectible?
I just did a test with and without ipfw and found, that the minimum ping time
without ipfw was 0.987sec and with 1.024sec, which possibly was caused by
powerd, which throttled the CPU...
I say, maybe u want to do some funny experiments to find it out?
-Arne
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]