Help understanding basic FreeBSD concepts (ports, updates, jails)

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Nov 6 19:59:39 UTC 2009


Bill Moran wrote:
> In response to Manolis Kiagias <sonicy at otenet.gr>:
> 
>> Roger wrote:
>>
>>> My third item is jails. I currently have only one external IP. I would
>>> like to set up two jails, one for apache and the other for postfix.
>>> Would that require more external IPs? If I wanted to have ssh access
>>> to the host and the jails that would definitely require 3
>>> external IPs right?
> 
> You can do some funky address aliasing with (for example) pf or ipfw, but
> it gets rather complex.
> 
> So, the answer is, "No, you don't need multiple IPs, but the setup gets
> rather complicated if you don't have multiple IPs.  As a result, most
> people who do this will have multiple IPs."
> 

Oh, it's not so complex as all that[*].  You will need at least an IP
per jail *but* these don't have to be on the external, world visible
network interface.  You can create aliases on the loopback interface for
this purpose.  The downside is that you have to use pf to redirect traffic
into the jail from the outside interface based on some unique combination
of IP number and network port, which means that you can't have eg. sshd(8)
in the host system and in the jail both listening on the external port 22.
You either have to hop through the host system or you have to redirect
traffic to some other ports (eg 2201 for the first jail, 2202
for the second) into the jailed sshd's.

I sketched out how to do this sort of thing in a post a year or so back:

http://lists.freebsd.org/pipermail/freebsd-questions/2008-March/171748.html

it should be fairly easy to generalise that to multiple jails.  

	Cheers,

	Matthew

[*] Well, alright, yes, it is quite an advanced topic and probably not
something you should be trying before you've got a bit more FreeBSD
experience under your belt.

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
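
The scheme described above, generalised to several jails, as an added example (not part of the original message or of the linked 2008 post). The interface name em0, the 127.0.0.x aliases, the jail names and the service ports 80 and 25 are assumptions; 2201 and 2202 are the ssh ports suggested in the message. The script refuses to emit rules when two mappings, or a mapping and the host's own sshd, claim the same external port.

```shell
#!/bin/sh
# Added example: generate rc.conf loopback aliases and pf.conf rules for
# jails sharing one external IP. All names and values here are constructed.
EXT_IF="em0"      # assumed external interface
HOST_PORTS="22"   # external ports the host keeps for itself (its own sshd)

# One mapping per line: jail  loopback-alias  external-port  jail-port
JAILS="www   127.0.0.2  80    80
www   127.0.0.2  2201  22
mail  127.0.0.3  25    25
mail  127.0.0.3  2202  22"

# Each external port may be claimed only once, by the host or by one jail.
check_ports() {
    used=" $HOST_PORTS "
    while read -r name ip ext int; do
        [ -n "$name" ] || continue
        case "$used" in
            *" $ext "*)
                echo "external port $ext already in use (jail $name)" >&2
                return 1 ;;
        esac
        used="$used$ext "
    done <<EOF
$1
EOF
    return 0
}

# /etc/rc.conf lines: one lo0 alias per distinct jail address.
rc_conf() {
    echo "$1" | awk 'NF == 4 && !seen[$2]++ {
        printf "ifconfig_lo0_alias%d=\"inet %s netmask 255.255.255.255\"\n", n++, $2 }'
}

# /etc/pf.conf lines: rdr rules first (translation precedes filtering),
# then pass rules, which match the already-translated jail address.
pf_rules() {
    check_ports "$1" || return 1
    echo "$1" | awk -v ifc="$EXT_IF" 'NF == 4 {
        printf "rdr on %s inet proto tcp from any to (%s) port %s -> %s port %s\n", ifc, ifc, $3, $2, $4
        pass = pass sprintf("pass in on %s inet proto tcp from any to %s port %s\n", ifc, $2, $4)
    } END { printf "%s", pass }'
}

rc_conf "$JAILS"
pf_rules "$JAILS"
```

The pass rules only matter under a default-block ruleset; the host's own sshd on port 22 still needs its own pass rule.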
