On Tue, Feb 17, 2004 at 12:49:51PM +0000, John wrote: > Hello > > I made a jail for a domain I host, according to the man page for jail. > It runs great and I can ssh and telnet on port 25 into it from the host. > > What I would like the root user to be able to do inside the jail is to > ssh to other boxes and use the ports collection. I have set the > following sysctls: > > jail.set_hostname_allowed=0 > jail.socket_unixiproute_only=0 > > (the man page says: > cesses within jails may only access protocols in the following > domains: PF_LOCAL, PF_INET, and PF_ROUTE, permitting > them access to UNIX domain sockets, IPv4 addresses, and > routing sockets. To enable access to other domains, this > MIB variable may be set to 0.) > > I wanted it to access as much as possible ipv4-wise from inside the > jail. > > I have set the 2nd MIB to 0 for this reason, but to no avail. > > Is it possible for ssh and ftp to work from inside? I want root to > install ports from within.
Yes, that's one of the features of jail. You know that IP address you assigned to the jail when you created it? You just need to make that routable to your destination machine, as you would for any other IP address (turn on IP forwarding on the machine that hosts the jail, make sure the route table is set up correctly, etc). Kris
Description: PGP signature