Date: Fri, 06 Nov 2009 19:59:26 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Bill Moran <wmoran@potentialtech.com>
Cc: Roger <rnodal@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Help understanding basic FreeBSD concepts (ports, updates, jails)
Message-ID: <4AF4801E.9050806@infracaninophile.co.uk>
In-Reply-To: <20091106132232.303cf7c3.wmoran@potentialtech.com>
References: <9d972bed0911060931k4ee2a5b7n9d62db23beeb6367@mail.gmail.com> <4AF4670F.7040103@otenet.gr> <20091106132232.303cf7c3.wmoran@potentialtech.com>

Bill Moran wrote:
> In response to Manolis Kiagias <sonicy@otenet.gr>:
>
>> Roger wrote:
>>
>>> My third item is jails. I currently have only one external IP. I would
>>> like to setup two jails, one for apache and the other for postfix.
>>> Would that require more external IPs? If I wanted to have ssh access
>>> to the host and the jails that would definitely require 3
>>> external IPs right?
>
> You can do some funky address aliasing with (for example) pf or ipfw, but
> it gets rather complex.
>
> So, the answer is, "No, you don't need multiple IPs, but the setup gets
> rather complicated if you don't have multiple IPs. As a result, most
> people who do this will have multiple IPs."
>

Oh, it's not so complex as all that[*]. You will need at least an IP
per jail *but* these don't have to be on the external, world visible
network interface. You can create aliases on the loopback interface for
this purpose. The downside is that you have to use pf to redirect traffic
into the jail from the outside interface based on some unique combination
of IP number and network port, which means that you can't have eg. sshd(8)
in the host system and in the jail both listening on the external port 22.
You either have to hop through the host system or you have to redirect
traffic to some other ports (eg 2201 for the first jail, 2202
for the second) into the jailed sshd's.

I sketched out how to do this sort of thing in a post a year or so back:

http://lists.freebsd.org/pipermail/freebsd-questions/2008-March/171748.html

it should be fairly easy to generalise that to multiple jails.

Cheers,

Matthew

[*] Well, alright, yes, it is quite an advanced topic and probably not
something you should be trying before you've got a bit more FreeBSD
experience under your belt.

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
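
The loopback-alias and pf redirect arrangement described in the message above, as an added example that is not part of Matthew Seaman's post or of the 2008 post it links to. The interface name em0 and the 192.168.100.x alias addresses are assumptions; ports 2201 and 2202 are the ones the message suggests.

```conf
# /etc/pf.conf fragment (added example; em0 and 192.168.100.x are assumed values)
#
# Matching loopback aliases in /etc/rc.conf, one address per jail:
#   ifconfig_lo0_alias0="inet 192.168.100.2 netmask 255.255.255.255"   # apache jail
#   ifconfig_lo0_alias1="inet 192.168.100.3 netmask 255.255.255.255"   # postfix jail
#
# The host sshd should set ListenAddress to the host's own address so that
# it does not also answer on the jail aliases.

ext_if    = "em0"             # assumption: the single external interface
jail_www  = "192.168.100.2"   # assumption: apache jail address on lo0
jail_mail = "192.168.100.3"   # assumption: postfix jail address on lo0

# One (external address, port) pair can map to only one destination, so the
# host sshd keeps port 22 and the jailed sshds are reached on 2201 and 2202.
rdr on $ext_if proto tcp from any to ($ext_if) port 80   -> $jail_www  port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25   -> $jail_mail port 25
rdr on $ext_if proto tcp from any to ($ext_if) port 2201 -> $jail_www  port 22
rdr on $ext_if proto tcp from any to ($ext_if) port 2202 -> $jail_mail port 22

# Translation happens before filtering, so the filter rules below match the
# jail address and the jail-side port, not the external ones.
block in on $ext_if
pass in on $ext_if proto tcp from any to ($ext_if)  port 22          # host sshd
pass in on $ext_if proto tcp from any to $jail_www  port { 22, 80 }  # apache jail
pass in on $ext_if proto tcp from any to $jail_mail port { 22, 25 }  # postfix jail
```

With this in place, `ssh -p 2201` to the external address lands in the apache jail's sshd and `ssh -p 2202` in the postfix jail's, while port 22 still reaches the host.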