From owner-freebsd-questions Wed Dec 4 8: 1:38 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2EE4537B401
	for ; Wed, 4 Dec 2002 08:01:37 -0800 (PST)
Received: from hub.org (hub.org [64.49.215.141])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DA29C43EAF
	for ; Wed, 4 Dec 2002 08:01:36 -0800 (PST)
	(envelope-from scrappy@hub.org)
Received: from hub.org (hub.org [64.49.215.141])
	by hub.org (Postfix) with ESMTP id E13ED8A8592;
	Wed, 4 Dec 2002 12:01:27 -0400 (AST)
Date: Wed, 4 Dec 2002 12:01:27 -0400 (AST)
From: "Marc G. Fournier"
To: Jeff MacDonald
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Another Jail Question
In-Reply-To:
Message-ID: <20021204115636.V36076-100000@hub.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Wed, 4 Dec 2002, Jeff MacDonald wrote:

> Hi,
>
> I have been thinking about running 2 jails on my home server
> one for "work sensitive" data, the other for personal fun stuff.
>
> However I only have 1 IP at my house [static].
>
> Could I take the server that will have jails on it, put it behind
> a natd box so it has 2 IPs [192.168.0.1 and .2] and just make
> the nat box, forward packets to the appropriate jail based upon
> what port they come in on ?

Jeff, check with Chris on this, as I believe he's actually running a game
server inside of one of his jails, with his machine running off of the one
IP ... in fact, and I may be wrong about this, but you *should* be able to
avoid the other machine altogether and use IPFW for this, as I *believe*
(haven't played with it yet) IPFW has a redirect facility that might do it
for you ... so you'd have to use dummynet to create a 'fake ethernet' for
the 192.168.0.* address(es) for the jails to bind on ...

> also, if I have a host machine with 2 jails in it, I know I can't run
> PostgreSQL in the jails, can I run it on the host environment and make
> the jails access it via TCP ?

Actually, you *can* run PgSQL inside of the jail ... the issue is that
there are security implications of doing that ... the shared memory isn't
"per jail", so someone in another jail could attach to the shared memory
in another jail ... by default, shared memory access is disabled inside a
jail, but there is a sysctl value you can set to enable it ...

but, yes, you can access the server via tcp at the host level as well ...

> server is a dual PII 300 with 512 megs of ram, this should be fine
> to handle 2 jails, right ?

unless you start getting into high memory circumstances (i.e.
jakarta-tomcat is a major dog for memory), 2 wouldn't be a problem ...
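
The port-based forwarding asked about in the question above, as an added example that is not part of the original message: a natd.conf fragment for the NAT box using natd's redirect_port option. The interface name fxp0 and all port numbers are assumptions; 192.168.0.1 and 192.168.0.2 are the two jail addresses from the question.

```conf
# /etc/natd.conf on the NAT box (constructed example)

# External interface holding the single static IP (assumed name).
interface fxp0
use_sockets yes
same_ports yes

# Form: redirect_port proto targetIP:targetPORT aliasPORT
# Only the ports listed here reach a jail; everything else arriving
# on the public IP is handled by the NAT box itself.

# "Work sensitive" jail at 192.168.0.1: SSH only, on its own public port.
redirect_port tcp 192.168.0.1:22 2201

# Personal jail at 192.168.0.2: SSH on a different public port, plus HTTP.
redirect_port tcp 192.168.0.2:22 2202
redirect_port tcp 192.168.0.2:80 80
```

Each jail must be started with the matching 192.168.0.x address, configured as an alias on the jail host's interface, so that the services inside it bind to the address natd forwards to.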