How to connect a jail to the web ?

Roland Smith rsmith at xs4all.nl
Tue Aug 10 13:08:37 UTC 2010 

On Tue, Aug 10, 2010 at 11:01:24AM +0000, Brice ERRANDONEA wrote:
> Hello,
> 
> I've just created my first FreeBSD jail in order to install a web server
> inside.  But I don't know how to connect it to the web. When I try pinging a
> http website, it doesn't work. Of course, it works when I do it from outside
> the jail.

There are a couple of things you need to keep in mind.

  - The IP address you're using for a jail is usually an alias for an existing
    interface. I think this is done to make routing easier. My system is
    configured as a gateway, and I've aliased the IP adresses for my jails to
    the interaface of the internal trusted network.
  - You should really use the rc interface for starting jails; it's much easier. 

> Another problem, probably linked to the first one, I can't run rc within the 
> jail, even as the jail's root. It says : permission denied.

See below.
 
> Here's how I built and started my jail. I had already run make buildworld when 
> upgrading to 8.1 release :
> 
> # mkdir /usr/prison
> # cd /usr/src
> # make installworld DESTDIR=/usr/prison
> # make distribution DESTDIR=/usr/prison

Do not forget to create an empty /etc/fstab in your jail;

  # touch /usr/prison/etc/fstab

You'll also need to create an appropriate /etc/rc.conf file in the jail. The
following should be a starting point;

    devfs_system_ruleset="devfsrules_jail"
    network_interfaces=""
    sshd_enable="YES"
    sendmail_enable="NO"
    rpcbind_enable="NO"

> # mount -t devfs devfs /usr/prison/dev
> # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist
> # jail /usr/prison ServeurWeb 192.1.1.1 csh

You should use the full path name of the program you want to run.

  # jail /usr/prison ServeurWeb 192.1.1.1 /bin/csh

If you want to start the rc system in the jail;

 # jail /usr/prison ServeurWeb 192.1.1.1 /bin/sh /etc/rc

I've detailed my setpup on a webpage. Maybe it will be of use to you;

http://www.xs4all.nl/~rsmith/unix/misc.xhtml#creatingavirtualserveronfreebsdwithajail8

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20100810/276e257f/attachment.pgp

More information about the freebsd-questions mailing list