On Wed, Jun 8, 2011 at 10:50 AM, Erik Nørgaard <[email protected]> wrote: > Hi: > > I'm planning to move services to run in jails. Two jails: > > 1: Mail related: postfix, cyrus imap and openldap > 2: Web related: apache and postgresql > > No service should be able to connect out of the jail to remote hosts, except > for postfix that need to connect out to port 25 for delivery to other > domains. >
Jails usually run in a private network by default, each has a private IP which is alias of the lo device In fact you usually have explictly NAT ports from the base system to the Jails. Try EzJail (yep. easy piecy as it's name suggests) and check-out these references: http://erdgeist.org/arts/software/ezjail/ http://www.freebsddiary.org/ezjail.php http://www.scottro.net/qnd/qnd-ezjail.html http://www.bsdguides.org/guides/freebsd/security/manage_jails Best, -- Alejandro Imass P.S. you can always hire you initial set-up/training, I'm sure many here would be more than happy to do so ;-) _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
