How to connect a jail to the web ?
Roland Smith
rsmith at xs4all.nl
Tue Aug 10 13:08:37 UTC 2010
On Tue, Aug 10, 2010 at 11:01:24AM +0000, Brice ERRANDONEA wrote:
> Hello,
>
> I've just created my first FreeBSD jail in order to install a web server
> inside. But I don't know how to connect it to the web. When I try pinging a
> http website, it doesn't work. Of course, it works when I do it from outside
> the jail.

There are a couple of things you need to keep in mind.

- The IP address you're using for a jail is usually an alias for an existing
  interface. I think this is done to make routing easier. My system is
  configured as a gateway, and I've aliased the IP addresses for my jails to
  the interface of the internal trusted network.
- You should really use the rc interface for starting jails; it's much easier.

> Another problem, probably linked to the first one, I can't run rc within the
> jail, even as the jail's root. It says: permission denied.

See below.

> Here's how I built and started my jail. I had already run make buildworld when
> upgrading to 8.1 release :
>
> # mkdir /usr/prison
> # cd /usr/src
> # make installworld DESTDIR=/usr/prison
> # make distribution DESTDIR=/usr/prison

Do not forget to create an empty /etc/fstab in your jail;

    # touch /usr/prison/etc/fstab

You'll also need to create an appropriate /etc/rc.conf file in the jail. The
following should be a starting point;

    devfs_system_ruleset="devfsrules_jail"
    network_interfaces=""
    sshd_enable="YES"
    sendmail_enable="NO"
    rpcbind_enable="NO"

> # mount -t devfs devfs /usr/prison/dev
> # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist
> # jail /usr/prison ServeurWeb 192.1.1.1 csh

You should use the full path name of the program you want to run.

    # jail /usr/prison ServeurWeb 192.1.1.1 /bin/csh

If you want to start the rc system in the jail;

    # jail /usr/prison ServeurWeb 192.1.1.1 /bin/sh /etc/rc

I've detailed my setup on a webpage. Maybe it will be of use to you;
http://www.xs4all.nl/~rsmith/unix/misc.xhtml#creatingavirtualserveronfreebsdwithajail8

Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
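
The points made in the message above, collected into a pre-flight check of a jail root, as an added example that is not part of the original email. `jail_preflight` is a hypothetical helper name, and the jail root (such as /usr/prison) is passed as its argument.

```sh
# Added example: check a jail root for the items named in the message
# before starting the jail. jail_preflight is a hypothetical helper name.
jail_preflight() {
    root=$1
    missing=0

    # The message says to create an empty /etc/fstab inside the jail.
    if [ ! -f "$root/etc/fstab" ]; then
        echo "missing: $root/etc/fstab (touch it)"
        missing=1
    fi

    # The jail needs its own rc.conf; the starting point has network_interfaces="".
    if [ ! -f "$root/etc/rc.conf" ]; then
        echo "missing: $root/etc/rc.conf"
        missing=1
    elif ! grep -q '^network_interfaces=""' "$root/etc/rc.conf"; then
        echo "rc.conf: network_interfaces=\"\" is not set"
        missing=1
    fi

    # Programs are started by full path: /bin/csh, or /bin/sh /etc/rc.
    for prog in bin/sh bin/csh; do
        if [ ! -x "$root/$prog" ]; then
            echo "missing or not executable: $root/$prog"
            missing=1
        fi
    done
    if [ ! -f "$root/etc/rc" ]; then
        echo "missing: $root/etc/rc"
        missing=1
    fi

    # devfs is mounted on $root/dev, so the directory has to exist.
    if [ ! -d "$root/dev" ]; then
        echo "missing: $root/dev (devfs mount point)"
        missing=1
    fi

    return $missing
}

# Run the check when a jail root is given on the command line.
if [ $# -ge 1 ]; then
    jail_preflight "$1"
fi
```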