Date:      Fri, 04 Jun 2010 11:01:59 +0300
From:      Kaya Saman <SamanKaya@netscape.net>
To:        Alexander Leidinger <Alexander@Leidinger.net>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: Strange things happening with jails?? Not starting up on boot or services not running inside!
Message-ID:  <4C08B2F7.4050904@netscape.net>
In-Reply-To: <20100604091511.123441fooipqt0ys@webmail.leidinger.net>
References:  <BLU138-W35932975B5E41FC33DF781F6D10@phx.gbl> <20100604091511.123441fooipqt0ys@webmail.leidinger.net>

On 04/06/2010 10:15, Alexander Leidinger wrote:
> Quoting Andrew Hotlab <andrew.hotlab@hotmail.com> (from Thu, 3 Jun 
> 2010 22:04:44 +0000):
>
>> I've never had to make Squid listen on port 80, but referring to its 
>> startup script in /usr/local/etc/rc.d/:
>>
>> # squid_user:   The user id that should be used to run the Squid master
>> #               process. Default: squid.
>> #               Note that you probably need to define "squid_user=root" if
>> #               you want to run Squid in reverse proxy setups or if you want
>> #               Squid to listen on a "privileged" port < 1024.
>>
>> So you only need to write the following line in /etc/rc.conf to have 
>> Squid listening on this privileged port:
>> squid_user="root"
>
> An alternative is to change the sysctl 
> net.inet.ip.portrange.reservedhigh. By lowering it, other users than 
> root are allowed to bind to ports <1023 (the system prevents non-root 
> binds to the port X in the range reservedlow <= X <= reservedhigh).
>
> Bye,
> Alexander.
>

Many thanks guys for the responses!! I will see which method best fits 
me... I guess I will take Andrew's suggestion, as I don't really want to 
open up the port range to *all* users. However, I guess it doesn't really 
matter, as by default Solaris 9, which Squid was originally on, I don't 
think blocked or disallowed anything, and I certainly know that Linux 
doesn't really care either!

>  jail_enable="YES"
>  jail_list="named_1 named_2 squid"
>  jail_named_1_rootdir="/var/jail/named_1"
>  jail_named_1_hostname="ns1.optiplex-networks.com"
>  jail_interface="em0"
>  jail_named_1_ip="192.168.1.100"
>  #jail_named_1_exec_start="/usr/local/bin/named"
>  jail_named_1_devfs_enable="YES"
>  jail_named_2_rootdir="/var/jail/named_2"
>  jail_named_2_hostname="ns2.optiplex-networks.com"
>  jail_interface="em0"
>  jail_named_2_ip="192.168.1.101"
>  jail_named_2_devfs_enable="YES"
>  jail_squid_rootdir="/var/jail/squid"
>  jail_squid_hostname="proxy.optiplex-networks.com"
>  jail_interface="em0"
>  jail_squid_ip="192.168.1.110"
>  jail_squid_devfs_enable="YES"
>  jail_postfix_rootdir="/var/jail/postfix"
>  jail_postfix_hostname="relay.optiplex-networks.com"
>  jail_interface="em0"
>  jail_postfix_ip="192.168.1.115"
>  jail_postfix_devfs_enable="YES"
>
>

>  These lines are in the file /etc/rc.conf on the jail host?

Yes.

>  If you created all jails with ezjail,
>  there should be nothing like that: all jail_ vars would
>  have been written in files stored in
>  /usr/local/etc/ezjail/ (by default). If you are managing all jails with ezjail you can safely
>  delete all these entries in the host's rc.conf (only remember to leave ezjail_enable="YES" if you
>  want automatic startup of all jails at boot time)

I didn't use ezjail... I was recommended to take the plunge into the deep end and try to learn Jails by doing things manually. This is what I ended up with!! - although they do seem to work pretty well as far as I can tell.

Regards,

Kaya
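
A consistency check for the legacy jail_* rc.conf variables quoted above, as an added example that is not part of the original message or of FreeBSD's rc scripts. It assumes that rc.d/jail starts only the jails named in jail_list and that values are double-quoted; the function names and the trimmed sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check legacy rc.conf jail_* variables against jail_list.
# Assumption: rc.d/jail starts only the jails named in jail_list.

# Constructed sample, trimmed from the rc.conf lines quoted in the thread.
sample_rc_conf() {
cat <<'EOF'
jail_enable="YES"
jail_list="named_1 named_2 squid"
jail_named_1_rootdir="/var/jail/named_1"
#jail_named_1_exec_start="/usr/local/bin/named"
jail_named_2_rootdir="/var/jail/named_2"
jail_squid_rootdir="/var/jail/squid"
jail_postfix_rootdir="/var/jail/postfix"
jail_postfix_ip="192.168.1.115"
EOF
}

# Names in jail_list, one per line (last assignment wins, as in sh).
jails_listed() {
    sed -n 's/^[[:space:]]*jail_list="\([^"]*\)".*/\1/p' |
        tail -n 1 | tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# Names that have a rootdir defined; jail names may contain underscores.
jails_defined() {
    sed -n 's/^[[:space:]]*jail_\(.*\)_rootdir=.*/\1/p' | sort -u
}

# Lines of stdin ($1 = newline-separated set) that are NOT in the set.
not_in() {
    while read -r name; do
        printf '%s\n' "$1" | grep -qxF -- "$name" || echo "$name"
    done
}

# Defined but absent from jail_list: configured, yet never started at boot.
jails_not_listed() {
    conf=$(cat)
    printf '%s\n' "$conf" | jails_defined |
        not_in "$(printf '%s\n' "$conf" | jails_listed)"
}

# In jail_list but without a rootdir: the jail has nothing to start from.
jails_listed_undefined() {
    conf=$(cat)
    printf '%s\n' "$conf" | jails_listed |
        not_in "$(printf '%s\n' "$conf" | jails_defined)"
}

# Stand-alone run: audit the file given as $1, or the sample above.
input() { if [ -n "$1" ]; then cat -- "$1"; else sample_rc_conf; fi; }
input "${1:-}" | jails_not_listed | sed 's/^/defined but not in jail_list: /'
input "${1:-}" | jails_listed_undefined | sed 's/^/in jail_list but no rootdir: /'
```

Run against the host's /etc/rc.conf, it prints one line per mismatch; on the sample it reports postfix as defined but not listed.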
