Date:      Tue, 10 Aug 2010 15:08:34 +0200
From:      Roland Smith <rsmith@xs4all.nl>
To:        Brice ERRANDONEA <berrandonea@yahoo.fr>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: How to connect a jail to the web ?
Message-ID:  <20100810130834.GA48376@slackbox.erewhon.net>
In-Reply-To: <268321.67123.qm@web24608.mail.ird.yahoo.com>
References:  <268321.67123.qm@web24608.mail.ird.yahoo.com>

On Tue, Aug 10, 2010 at 11:01:24AM +0000, Brice ERRANDONEA wrote:
> Hello,
>
> I've just created my first FreeBSD jail in order to install a web server
> inside.  But I don't know how to connect it to the web. When I try pinging a
> http website, it doesn't work. Of course, it works when I do it from outside
> the jail.

There are a couple of things you need to keep in mind.

  - The IP address you're using for a jail is usually an alias for an existing
    interface. I think this is done to make routing easier. My system is
    configured as a gateway, and I've aliased the IP addresses for my jails to
    the interface of the internal trusted network.
  - You should really use the rc interface for starting jails; it's much easier.

> Another problem, probably linked to the first one, I can't run rc within the
> jail, even as the jail's root. It says : permission denied.

See below.

> Here's how I built and started my jail. I had already run make buildworld when
> upgrading to 8.1 release :
>
> # mkdir /usr/prison
> # cd /usr/src
> # make installworld DESTDIR=/usr/prison
> # make distribution DESTDIR=/usr/prison

Do not forget to create an empty /etc/fstab in your jail;

  # touch /usr/prison/etc/fstab

You'll also need to create an appropriate /etc/rc.conf file in the jail. The
following should be a starting point;

    devfs_system_ruleset="devfsrules_jail"
    network_interfaces=""
    sshd_enable="YES"
    sendmail_enable="NO"
    rpcbind_enable="NO"

> # mount -t devfs devfs /usr/prison/dev
> # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist
> # jail /usr/prison ServeurWeb 192.1.1.1 csh

You should use the full path name of the program you want to run.

  # jail /usr/prison ServeurWeb 192.1.1.1 /bin/csh

If you want to start the rc system in the jail;

 # jail /usr/prison ServeurWeb 192.1.1.1 /bin/sh /etc/rc

I've detailed my setup on a webpage. Maybe it will be of use to you;

http://www.xs4all.nl/~rsmith/unix/misc.xhtml#creatingavirtualserveronfreebsdwithajail8

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
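
The rc-based startup recommended in the message above, written out as a host-side /etc/rc.conf fragment. This is an added example, not part of the original message or of the author's linked page; the jail name "serveurweb" and the interface "em0" are assumptions, while the path, hostname and address are the ones from the thread.

```sh
# Host /etc/rc.conf fragment, using the FreeBSD 8.x rc.d/jail variables.
# Assumed names: jail "serveurweb", interface "em0".
# Path, hostname and address are taken from the thread.

jail_enable="YES"                 # run /etc/rc.d/jail at boot
jail_list="serveurweb"            # space-separated list of jail names
jail_set_hostname_allow="NO"      # root inside a jail may not change its hostname
jail_sysvipc_allow="NO"           # no System V IPC from inside jails (the default)

jail_serveurweb_rootdir="/usr/prison"
jail_serveurweb_hostname="ServeurWeb"
jail_serveurweb_ip="192.1.1.1"
jail_serveurweb_interface="em0"   # rc.d/jail adds the address as an alias here

# Mount devfs inside the jail and apply the jail ruleset, so the jail
# sees only a minimal set of device nodes instead of the host's full /dev.
jail_serveurweb_devfs_enable="YES"
jail_serveurweb_devfs_ruleset="devfsrules_jail"

# Start and stop the jail through its own rc system.
jail_serveurweb_exec_start="/bin/sh /etc/rc"
jail_serveurweb_exec_stop="/bin/sh /etc/rc.shutdown"
```

With this in place, running /etc/rc.d/jail start serveurweb on the host starts the jail, replacing the manual mount and jail commands.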
