Hi all, is it possible to allow processes in a jail to bind a socket to an IP address not present in the jail (IP_BINDANY)?
I'm experimenting with transparent proxying using this feature and ipfw "fwd" rules. Outside of a jail this works as documented, inside a VNET jail the proxy process logs: sslh-fork: setsockopt IP_BINDANY:1:Operation not permitted Thanks, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
