Hi all, is it possible to allow processes in a jail to bind a socket to an IP address not present in the jail (IP_BINDANY)?
I'm experimenting with transparent proxying using this feature and ipfw "fwd" rules. Outside of a jail this works as documented, inside a VNET jail the proxy process logs:

    sslh-fork: setsockopt IP_BINDANY:1:Operation not permitted

Thanks,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
[email protected]

AG Mannheim 108285
Managing Directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
