Jail question

Matthew Law matt at webcontracts.co.uk
Mon Oct 18 20:57:56 UTC 2010


On Fri, October 15, 2010 2:54 pm, Ivan Voras wrote:
> Since jails can do many things there are many "helper" utilities that
> can do much to simplify the process. If you can hack python, you can,
> for example, modify my script at
> http://ivoras.sharanet.org/stuff/mkjails.py which I've used to create a
> thousand very light-weight jails which are started and managed using
> only standard FreeBSD tools.
>
> In any case, read rc.conf(5) man page for the jail_* settings.

snip

> This is the more complex question; I think that everything which needs
> direct access to the NIC (i.e. BPF, DHCP, IPFW, etc.) will need to be
> run on the host system. TCP services will work inside jails without
> problems, but with jails it's almost the same as if they were on another
> system. If you do use NAT you will have to configure it on the host.
> Instead, you can also use TCP proxies (like bsdproxy). It's up to you
> how much complexity you want in your system, but for simplicity I
> would set up a single outward-facing IP address and then proxy TCP
> services where I need them.

Thanks for the helpful replies.  I am experimenting with some ideas on a
VM now.  It certainly does seem more logical to have the firewall, VPN and
NAT rules in the base system and everything else jailed.  I can just about
get by with Python and your script looks like it could be of use - thanks
for sharing it.

Matt.
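
The layout discussed in this thread (firewall and NAT on the host, TCP services in jails set up through the rc.conf(5) jail_* settings) is sketched below as an added example. It is not part of the original messages and is not the mkjails.py script. Assumptions: pf as the host firewall, the lo1 and em0 interfaces, the /usr/jails root, the 10.0.0.0/24 jail network, the example.org hostnames, and the jail names and ports.

```python
import ipaddress
import re

# Constructed sample layout: names, addresses and ports are illustrative only.
JAILS = [
    {"name": "www", "ip": "10.0.0.2", "tcp_ports": [80, 443]},
    {"name": "mail", "ip": "10.0.0.3", "tcp_ports": [25]},
]
JAIL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed private jail network


def validate(jails, net=JAIL_NET):
    """Reject layouts that would yield broken or ambiguous host configuration."""
    seen_ips, seen_ports = set(), {}
    for j in jails:
        # The jail name becomes part of an rc.conf variable name (an sh identifier).
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", j["name"]):
            raise ValueError(f"jail name {j['name']!r} is not a valid sh identifier")
        ip = ipaddress.ip_address(j["ip"])
        if ip not in net or ip in seen_ips:
            raise ValueError(f"{j['name']}: {ip} is outside {net} or already assigned")
        seen_ips.add(ip)
        for port in j["tcp_ports"]:
            # One outward-facing address: each TCP port can reach only one jail.
            if port in seen_ports:
                raise ValueError(f"port {port}: {seen_ports[port]} vs {j['name']}")
            seen_ports[port] = j["name"]


def rc_conf(jails, root="/usr/jails", lo_if="lo1"):
    """Host rc.conf lines using the jail_* settings; root and lo_if are assumed."""
    validate(jails)
    names = " ".join(j["name"] for j in jails)
    lines = [f'cloned_interfaces="{lo_if}"', 'jail_enable="YES"', f'jail_list="{names}"']
    for j in jails:
        n = j["name"]
        lines += [
            f'jail_{n}_rootdir="{root}/{n}"',
            f'jail_{n}_hostname="{n}.example.org"',
            f'jail_{n}_ip="{j["ip"]}"',
            f'jail_{n}_interface="{lo_if}"',
        ]
    return lines


def pf_conf(jails, ext_if="em0"):
    """Host-side pf translation rules: outbound NAT plus one rdr per published port."""
    validate(jails)
    rdr = [f"rdr on {ext_if} inet proto tcp from any to ({ext_if}) port {p} -> {j['ip']} port {p}"
           for j in jails for p in j["tcp_ports"]]
    return [f"nat on {ext_if} inet from {JAIL_NET} to any -> ({ext_if})"] + rdr
```

Nothing inside a jail touches the NIC or the firewall; only the listed TCP ports reach a jail, and a port claimed by two jails is rejected before any configuration is written.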



