Re: Acess 127.0.0.1 from FreeBSD jail

Sat, 30 Jul 2005 09:56:04 -0700 

At 10:35 PM 7/29/2005, Chad Leigh -- Shire.Net LLC wrote:


On Jul 29, 2005, at 11:25 PM, Chatchawan Wongsiriprasert wrote:


Hi,
   I am now using chroot apache+php, and want to move to more secure
FreeBSD jail.

   After read the FreeBSD handbook, I have been successfully created a
jailed apache+php on my test server but there is a litle problem that
need to be solved before I put it on my real server.

   I run mysql-server on this server and make it listen only to
127.0.0.1
(--bind-address option). How can  I access mysql-server on this server
from the jail without
    (1) make mysql-server listen to the real ip (I don't want to open
another door to my server -- firewall can be employ but this add
another complexity to my setup)


Create a separate jail on the system and put mysql in that.  Make the
address of this mysql jail be 192.168.1.1 or something like that.
The apache jail will be able to reach it but the outside won't.

You should still have a firewall of some sort.


     or
    (2) using unix socket (a lot of code to change and test -- most
are
develop by another people).


Using the socket option is better as it probably also performs better
(I don't know this for sure -- am just guessing)
Using the sockets in mysql is faster. The only code you should need to change is the code that open's the connection to the database, everything else will work just fine. 

-Glenn



Chad




Regards,
Chatchawan Wongsiriprasert

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions- [EMAIL PROTECTED]"


---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
[EMAIL PROTECTED]


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to