aiza21 at comclark.com
Mon Mar 22 00:21:41 UTC 2010
Mark Shroyer wrote:
> On 3/21/2010 1:10 AM, Aiza wrote:
>> I don't have sources installed on my system. Just use the binary
>> Freebsd-update function. At new releases I do a clean install.
>> I only have a single public IP address.
>> Now I would like to play with jails. One for postfix, apache, and ftp.
>> My reading of EZJAIL and the jails section of the handbook lead me to
>> believe I need a unique IP address for each jail. Is that correct?
> Yes. But if you have only one public IP address, you can give the jail
> a loopback interface with an address in 127.0.0/24 or one of the RFC
> 1918 private blocks (there's some debate as to which is the more
> "correct" type of address to use, but either will work), then use NAT if
> you need your jail to be able to access the Internet.
> If it helps you to reason about this, keep in mind that your jail does
> *not* have its own virtualized network stack, like with Solaris Zones
> for instance. The best way to think about your jails is as a group of
> processes running on the same operating system as the host, just with
> the restriction that (among other things) they can only communicate with
> the outside world using a limited subset of the IP addresses available
> to non-jailed processes.
Does the IP address notation for the jail include the port number?
Like 10.0.20.2:80? NAT port forwarding is the long way around just to get
the correct port number to the jail IP address.
>> I have no need to build world or install world because it does this from
>> /usr/src which i don't install. Is there some EZJAIL option to just copy
>> over the running system binaries instead of the sources?
> Until recently, the method for creating ezjail's "basejail" was to issue
> the "ezjail-admin update" command, which compiles the basejail from
> /usr/src. Just recently an "ezjail-admin install" command was added,
> which downloads binaries from a FreeBSD FTP server instead. So you
> shouldn't need sources to get started, however I'm not sure what the
> update mechanism is if you use the install command.
I found that the man page for ezjail-admin has this format:
ezjail-admin install -h file://
Where -h file:// means get the binaries from the host system the jails
are running on. Am I correct?
>> The handbook "15.4 Creating and Controlling Jails" talks about
>> “complete” jails, which resemble a real FreeBSD system, and “service”
>> jails, dedicated to one application or service. Section 15.4 is the
>> procedure for building a "complete jail" using the jail command.
>> The 15.6 Application of Jails (service jails) talks about creating a
>> root skeleton containing the host running files which are shared with
>> all the guest jails in read only mode. This eliminates the massive
>> duplication of running system files in each jail as in the complete jail
>> system talked about in handbook section "15.4 Creating and Controlling
>> Now reading the ezjail man pages I see that ezjail also creates a base
>> template that is shared between all jails. Is this the same method
>> talked about in the handbook section 15.6 Application of Jails (service
> It's essentially the same approach. (With ezjail you'll still be
> duplicating binaries between the host system and the basejail, but I
> wouldn't lose sleep over it.)
My understanding of handbook section 15.6 Application of Jails
(service jails) is that a copy of the host binaries is populated into the
basejail and all the other jails have read-only access to it. Each guest
jail also has a read/write space for installing ports/packages unique to
that jail, including /var /usr /etc. Am I correct? Is this how ezjail is
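Editor's note, added after the message and not part of the original post or of ezjail: the exchange above is about running a jail behind a single public IP. In that setup the jail's address carries no port; the jail gets a loopback or RFC 1918 address and the port lives in a pf rdr rule on the host. The script below generates the two config fragments that setup needs (handbook-style jail_* lines for /etc/rc.conf and nat/rdr rules for /etc/pf.conf) and refuses a jail address that is neither loopback nor RFC 1918. The interface name em0, the jail name www, the address 10.0.20.2 and the path /usr/jails/www are assumptions for illustration, not values from the thread.

```sh
#!/bin/sh
# Added example (not from the original post): one public IP, jail on a
# cloned loopback interface, pf for outbound NAT and inbound redirection.
# em0, www, 10.0.20.2 and /usr/jails/www are assumed values.

# Return 0 if the address is in 127.0.0.0/8 or an RFC 1918 block, 1 otherwise.
# A jail on a single-IP host should never be given the public address.
check_jail_ip() {
    case $1 in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit handbook-style /etc/rc.conf lines for a jail bound to lo1.
# Usage: gen_rc_conf <jailname> <jail_ip> <rootdir>
gen_rc_conf() {
    name=$1; ip=$2; root=$3
    cat <<EOF
cloned_interfaces="lo1"
ifconfig_lo1="inet $ip netmask 255.255.255.0"
jail_enable="YES"
jail_list="$name"
jail_${name}_rootdir="$root"
jail_${name}_hostname="$name.example.org"
jail_${name}_ip="$ip"
jail_${name}_devfs_enable="YES"
EOF
}

# Emit /etc/pf.conf: outbound NAT for the jail plus one rdr rule per
# forwarded TCP port. The port number belongs here, not in the jail IP.
# pf translates before it filters, so the inbound pass rule matches the
# jail address (post-rdr), and the outbound pass rule is left generic.
# Usage: gen_pf_conf <ext_if> <jail_ip> "<port> [<port> ...]"
gen_pf_conf() {
    extif=$1; ip=$2; ports=$3
    printf 'ext_if="%s"\njail_ip="%s"\n\n' "$extif" "$ip"
    printf 'nat on $ext_if from $jail_ip to any -> ($ext_if)\n'
    for p in $ports; do
        printf 'rdr on $ext_if proto tcp from any to ($ext_if) port %s -> $jail_ip port %s\n' "$p" "$p"
    done
    printf '\npass in on $ext_if proto tcp from any to $jail_ip keep state\n'
    printf 'pass out on $ext_if keep state\n'
}

# Run with "show" to print both fragments for review before installing them
# (append the rc.conf lines by hand and load the pf rules with pfctl -f).
if [ "${1:-}" = "show" ]; then
    check_jail_ip 10.0.20.2 || { echo "10.0.20.2 is not a loopback/RFC 1918 address" >&2; exit 1; }
    echo "# /etc/rc.conf"; gen_rc_conf www 10.0.20.2 /usr/jails/www
    echo; echo "# /etc/pf.conf"; gen_pf_conf em0 10.0.20.2 "80 25"
fi
```

Run it as `sh jailnat.sh show` and paste the output into the two files. With ezjail the jail definition lives under /usr/local/etc/ezjail/ instead of rc.conf, but the pf part is the same: the address stays port-less and each service port is a separate rdr rule.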