RE: Jails and loopback interfaces
From: R. B. Riddick (arne_woerneryahoo.com)
Date: Thu May 04 2006 - 10:27:48 CDT
--- "NoSPAMmgEDV.net" <nospammgedv.net> wrote:
> this part i definitely don't get. let's assume this one:
> 192.168.10.1 = jail ip of the ws
> 127.0.0.1 = jail ip of the db
> sending to 127.0.0.1 is not possible on 192.168.134.1 (kernel
> re-routes it to 192.168.134.1 if man jail is correct)
> if i setup forwarding rules i'd have to setup something for
> the real ip's port, no?
What do u mean with "real ip"? I assume u mean, something that does not start
Then u could give ur jails IPs, that start with 10... (e. g. 10.2.2.2)
> and, i assumed that the setup mentioned can live without additional
> firewall rules.
Isn't the overhead caused by pf or ipfw negligible?
I just did a test with and without ipfw and found that the minimum ping time
without ipfw was 0.987sec and with 1.024sec, which possibly was caused by
powerd, which throttled the CPU...
I say, maybe u want to do some funny experiments to find it out?