Date: Fri, 06 Nov 2009 19:59:26 +0000
From: Matthew Seaman
To: Bill Moran
Cc: Roger, freebsd-questions@freebsd.org
Subject: Re: Help understanding basic FreeBSD concepts (ports, updates, jails)

Bill Moran wrote:
> In response to Manolis Kiagias:
>
>> Roger wrote:
>>
>>> My third item is jails. I currently have only one external IP. I would
>>> like to setup two jails, one for apache and the other for postfix.
>>> Would that require more external IPs? If I wanted to have ssh access
>>> to the host and the jails that would definitely require 3
>>> external IPs right?
>
> You can do some funky address aliasing with (for example) pf or ipfw, but
> it gets rather complex.
>
> So, the answer is, "No, you don't need multiple IPs, but the setup gets
> rather complicated if you don't have multiple IPs. As a result, most
> people who do this will have multiple IPs."
>

Oh, it's not so complex as all that[*]. You will need at least an IP
per jail *but* these don't have to be on the external, world visible
network interface. You can create aliases on the loopback interface for
this purpose. The downside is that you have to use pf to redirect traffic
into the jail from the outside interface based on some unique combination
of IP number and network port, which means that you can't have eg. sshd(8)
in the host system and in the jail both listening on the external port 22.
You either have to hop through the host system or you have to redirect
traffic to some other ports (eg 2201 for the first jail, 2202 for the
second) into the jailed sshd's.

I sketched out how to do this sort of thing in a post a year or so back:

http://lists.freebsd.org/pipermail/freebsd-questions/2008-March/171748.html

it should be fairly easy to generalise that to multiple jails.

	Cheers,

	Matthew

[*] Well, alright, yes, it is quite an advanced topic and probably not
something you should be trying before you've got a bit more FreeBSD
experience under your belt.

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
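
The setup described in the message above, generalised to several jails, as an added example that is not part of the original post or of the earlier post it links to. The interface name `em0`, the 10.99.0.x jail addresses and the jail table are constructed samples; only the 2201/2202 port choice comes from the message.

```shell
#!/bin/sh
# Added example: emit rc.conf loopback aliases and pf rdr rules for jails.
# Interface name, addresses and the jail table are constructed samples.
EXT_IF="em0"       # assumed external interface
HOST_PORTS="22"    # external TCP ports the host keeps for itself (host sshd)

# Columns: jail name, loopback alias IP, external port, port inside the jail
JAILS="www   10.99.0.1  80    80
mail  10.99.0.2  25    25
www   10.99.0.1  2201  22
mail  10.99.0.2  2202  22"

# One lo0 alias per distinct jail address (lines for /etc/rc.conf).
gen_aliases() {
    n=0; ips=" "
    while read -r name ip rest; do
        [ -n "$name" ] || continue
        case "$ips" in *" $ip "*) continue ;; esac
        ips="$ips$ip "
        echo "ifconfig_lo0_alias$n=\"inet $ip netmask 255.255.255.255\""
        n=$((n + 1))
    done <<EOF
$1
EOF
}

# One rdr rule per row (lines for /etc/pf.conf). Fails if two rows, or a row
# and the host, claim the same external port: only one listener can own it.
gen_rdr() {
    seen=" $HOST_PORTS "
    while read -r name ip ext_port jail_port; do
        [ -n "$name" ] || continue
        case "$seen" in *" $ext_port "*)
            echo "conflict: external port $ext_port already taken ($name)" >&2
            return 1 ;;
        esac
        seen="$seen$ext_port "
        echo "rdr pass on $EXT_IF inet proto tcp from any to ($EXT_IF)" \
             "port $ext_port -> $ip port $jail_port  # $name"
    done <<EOF
$1
EOF
}

gen_aliases "$JAILS"
gen_rdr "$JAILS"
```

After pasting the generated rules into `/etc/pf.conf`, `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live.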