Jail and Firewalls

fred974

fred974

Hello everyone :)

I understand that if you have servers running in a jail, it is not possible to set pfSense inside the jails. Instead, I have to do it on the host. Is my understanding correct?

I have a DB and file server that require different rules. Therefore how do I go about it?

Do I need to visualized my servers with something like Xen to split the servers and applied the firewall?

Thank you all in advance.

Fred
 
Hi,

I was facing the same issue you're talking about. One option is to use VIMAGE - but it was not stable. It was back in 8.x (or 7.x? I can't remember) and it was not possible to use with PF. Project did mature, maybe it's worth checking it again.

My solution was to install another FreeBSD in VirtualBox. Not nice, but it serves its purpose (separate IP, rules, accounting, etc.).
 
fred974 said:
I have a DB and file server that require different rules. Therefore how do I go about it?
Click to expand...
I don't see what the problem is. Just firewall specific IP addresses with specific rules. Imagine the host to be a firewall and the two jails as two separate physical machines. How would you firewall that?
 
You should be able to filter the jail traffic with specific rules for the jail and have different a policy for the traffic of the host system. If you could elaborate a bit more of what you're trying to achieve we could maybe offer more specific advice.
 
Hi @SirDice,

When you put it that way, I guess it makes sense. I guess its because I didn't know that I could have a firewall with different rules based on IP addresses.

Thank you you very much.

This forum is very good at supporting newbies like me :)
 
Last edited by a moderator:
You must log in or register to reply here.
Back
Top