Search results

  1.

    A jail that is accessible from network without port forwarding

    The problem is you have people that aren't qualifying when they say you don't need NAT for a jail. In fact a few people have gone so far as to say you don't understand jails if you use NAT. I've seen it on the forums and on the FreeBSD mailing lists. Even when people are saying they are using non...
  2.

    FTP Client on server with firewall

    This falls under dumb question I guess but am I right in assuming that if I want to use an ftp client (fetch for ports) on the actual machine that FreeBSD & PF reside on I have to actually open up ports and I can't use ftp-proxy or something like it? Because using ftp-proxy on the server itself...
  3.

    A jail that is accessible from network without port forwarding

    OK, since I would like a clear explanation why this doesn't work let's go down this road. The server has an internet-routable public IP while the jail does not. Create an alias per ( http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html ). The netmask of the...
  4.

    A jail that is accessible from network without port forwarding

    I've had issues with non-routable IPs with jails in certain environments. I've used jails in diskless servers that connect to a SAN with DHCP. I've set up FreeBSD as a guest with Xen Paravirtualization and with hardware virtualization on a KVM/QEMU host. I've also used it with VirtualBox. I've...
  5.

    New jail utility "qjail" published for public usage

    Shouldn't there be plenty of information available before you have to download and install something? Especially for something so new that it isn't even in ports.
  6.

    A jail that is accessible from network without port forwarding

    Considering that even the official wiki that the developers use has jails set up with a NAT, I'm going to go with this is incorrect ( http://wiki.freebsd.org/AppserverJailsHOWTO ). Using jails and a NAT is a very common practice and there isn't anything wrong with that, unless you can provide some...
  7.

    Secure FTP

    Look up SFTP. You can chroot a user very easily with SFTP. So basically someone logs in and they are restricted to their home directory. So you could just add a user that's just for ftp. You should be able to google around for sftp chroot openssh, there are a lot of guides out there. Most of...
  8.

    pf.conf

    Just so you know per man pf.conf(5) the order should be Macros, Tables, Options, Traffic Normalization (e.g. scrub), Queueing, Translation (Various forms of NAT), Packet Filtering. Having read the book of pf myself one thing I found disappointing is you really need to have some solid...
  9.

    pf.conf

    Everything looks fine offhand, although you want to keep your block rules all in the same section. You have blocks for non-routables, then NAT and then block again.
  10.

    HOWTO: Setup a jailed AppServer (Webserver/Mail/etc..) with ezjail

    Ah I didn't realize that. The way it sounded reading the handbook and other information was that any use of NAT required that. But I have removed gateway_enable="YES" and everything still works.
  11.

    HOWTO: Setup a jailed AppServer (Webserver/Mail/etc..) with ezjail

    There are other ways you can do this but the following instructions I know work and should get you up and running. I spent a lot of time myself trying different solutions and this is the most portable/bulletproof solution that should work with pretty much any setup. This is the sort of thing I...
  12.

    Jails worth the extra hassle?

    Considering there are shared hosting companies that give people full root access to their jail I would be much less worried about a compromised php app inside a jail gaining root access vs an app in the host system. It really comes down to that there are some things you should be running at the...
  13.

    HOWTO: FreeBSD with CCACHE

    I'm wondering how I would go about using a new version of gcc (gcc45) with ccache. Right now I have just gcc45 running per the instructions at: http://www.freebsd.org/doc/en/articles/custom-gcc/article.html That works fine but how would I go about getting ccache to use that. It seems like the...
  14.

    Jails worth the extra hassle?

    This is almost like asking is locking your car worth the hassle? If you're parking your car at your house inside your garage then you probably don't need to lock it. But if you're in a mall parking lot you probably want to lock it. Each person needs to evaluate their security situation and...
  15.

    FreeBSD on Amazon EC2

    If you check the FreeBSD Xen mailing list there are some problems with stability with Xen/paravirtualization and FreeBSD. I have run into some problems firsthand although most of it seems to crop up under heavy load. There are other options out there in regards to using hardware...
  16.

    jail internet access

    I feel kinda stupid for asking about this since I have read a ton of forum posts/websites, but after spending most of the day on this I simply can't get network access to work with jails. Ping (by IP not hostname to eliminate it being a DNS issue), whois, dig, fetch don't work (I was trying to...
  17.

    kldload: can't load pf

    After checking the freebsd-xen mailing list it seems that the Xen paravirtualization kernel has some issues. When I switched to hardware virtualization with a generic kernel my original setup worked fine. So for people's reference, if you run into this issue on a VPS that might be the culprit.
  18.

    kldload: can't load pf

    I'm new to FreeBSD and I've spent this week reading through the handbook and I'm working my way through the excellent Absolute FreeBSD book as well. But I've encountered a problem and I haven't been able to find a solution anywhere. I'm running FreeBSD 8. I'm trying to install PF. I've added...