ezjail

Michael Powell nightrecon at hotmail.com
Sun Mar 21 22:16:47 UTC 2010


Mark Shroyer wrote:

> On 3/21/2010 1:10 AM, Aiza wrote:
>> I don't have sources installed on my system. Just use the binary
>> Freebsd-update function. At new releases I do a clean install.
>> I only have a single public IP address.
>> 
>> Now I would like to play with jails. One for postfix, apache, and ftp.
> >> My reading of EZJAIL and the jails section of the handbook leads me to
>> believe I need a unique IP address for each jail. Is that correct?
> 
> Yes.  But if you have only one public IP address, you can give the jail
> a loopback interface with an address in 127.0.0/24 or one of the RFC
> 1918 private blocks (there's some debate as to which is the more
> "correct" type of address to use, but either will work), then use NAT if
> you need your jail to be able to access the Internet.
> 
> If it helps you to reason about this, keep in mind that your jail does
> *not* have its own virtualized network stack, like with Solaris Zones
> for instance.  The best way to think about your jails is as a group of
> processes running on the same operating system as the host, just with
> the restriction that (among other things) they can only communicate with
> the outside world using a limited subset of the IP addresses available
> to non-jailed processes.
>

You might find the below interesting. Only just begun reading/studying it 
myself.

http://www.freebsd.org/releases/8.0R/relnotes-detailed.html#KERNEL
 
[snip]

-Mike
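
The loopback-plus-NAT arrangement described in the quoted reply, as an added host configuration sketch that is not part of either poster's message. The interface name em0, the 10.0.0.0/24 range, the per-jail addresses and the jail hostnames are all assumptions chosen for illustration.

```conf
# --- /etc/rc.conf (host) ---
# Clone a second loopback so jail addresses live on neither lo0 nor the
# public interface. Jails share the host's network stack, so these are
# ordinary host addresses that each jail is restricted to.
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.0.0.1 netmask 255.255.255.0"            # host side
ifconfig_lo1_alias0="inet 10.0.0.2 netmask 255.255.255.255"   # mail jail
ifconfig_lo1_alias1="inet 10.0.0.3 netmask 255.255.255.255"   # www jail
pf_enable="YES"
ezjail_enable="YES"

# Jails are then created against those addresses, for example:
#   ezjail-admin create mail.example.org 10.0.0.2
#   ezjail-admin create www.example.org  10.0.0.3

# --- /etc/pf.conf (host) ---
ext_if    = "em0"            # assumption: the interface holding the public IP
jail_net  = "10.0.0.0/24"
jail_mail = "10.0.0.2"
jail_www  = "10.0.0.3"

# Outbound: jailed processes reach the Internet through the single public
# address. ($ext_if) tracks the address if it changes.
nat on $ext_if from $jail_net to any -> ($ext_if)

# Inbound: publish only the one service port each jail exists to serve.
# Anything not redirected here never reaches a jail address.
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> $jail_mail port 25
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $jail_www port 80
```

An FTP jail is left out because passive-mode FTP opens additional data ports that a single rdr rule does not cover.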