Hello,
I'm trying to configure IPFW on machine with jail (FreeBSD 11.1)
Host have one big lagg0, and when jail starting create alias on this lagg0.
jail_1 have 10.10.1.139 address
jail_2 have 10.10.1.139 address
...
I understand that I can't run IPFW in jail, it must be on host machine
But is any way to set rules per jail (network alias?)
example:
Jail_1 only incoming DNS, HTTP, HTTPS, ...
Jail_2 only incoming SMTP, IMAP, ...
...
Thanks for help
kzx
I'm trying to configure IPFW on machine with jail (FreeBSD 11.1)
Host have one big lagg0, and when jail starting create alias on this lagg0.
Code:
lagg0: flags=8843... metric 0 mtu 1500 options=401ba....
ether ....
inet 10.10.1.102 netmask 0xffffff00 broadcast 10.10.1.255
inet 10.10.1.139 netmask 0xffffffff broadcast 10.10.1.139
inet 10.10.1.141 netmask 0xffffffff broadcast 10.10.1.141
inet 10.10.1.25 netmask 0xffffffff broadcast 10.10.1.25
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
groups: lagg
laggproto lacp lagghash l2,l3,l4
laggport: igb0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: igb1 flags=0<>
laggport: bce0 flags=0<>
jail_1 have 10.10.1.139 address
jail_2 have 10.10.1.139 address
...
I understand that I can't run IPFW in jail, it must be on host machine
But is any way to set rules per jail (network alias?)
example:
Jail_1 only incoming DNS, HTTP, HTTPS, ...
Jail_2 only incoming SMTP, IMAP, ...
...
Thanks for help
kzx