jail - beginner questions

Michael Svobodin admik at admik.pp.ru
Wed Nov 18 05:04:46 UTC 2009


On Tue, Nov 17, 2009 at 10:41:14PM +0430, Laszlo Nagy wrote:

> My computer is a windows machine, with address 192.168.0.X
> Then the FreeBSD host is actually a guest os running in VMware. It has
> address 192.168.37.133
> And finally, the vm1 jail should have 192.168.0.11
> 
> I don't know why 192.168.0.11 is not working for the jail. Anyway, if I 
> change the jail's address to 192.168.10.11 then
> 
> /etc/rc.d/jail start vm1
> Starting jails: vm1.localdomain.
> 

The address 192.168.0.11 must be assigned to an interface in the host FreeBSD.
You can do it before starting the jail, or when the jail is being started.

To assign the address before starting the jail do something like this:
# ifconfig lnc0 alias 192.168.0.11/24
where lnc0 is the name of the NIC in the host FreeBSD.
And you can add to /etc/rc.conf:
ifconfig_lnc0_alias0="inet 192.168.0.11/24"
to assign the address when the host FreeBSD is booting.

To assign the address when the jail is being started just add to /etc/rc.conf this:
jail_vm1_interface="lnc0" 
This way is preferred.

> Now the next question: how can I access the hosted (jailed) OS? I know 
> it is a dumb question, but I have no idea. I would like to:
> 
> a.) run sshd in the jail
> b.) login from the host to the jailed (hosted) OS
> c.) install programs on the jail, configure them and finally
> d.) use NATD to divert some packages from the host to the jail and back

b.) 
1. get the jails list: 
# jls
  JID  IP Address      Hostname                      Path
     9  192.168.64.14   mx1.loc                       /store/jail/mx1
     8  192.168.64.25   nslst.loc                     /store/jail/nslst
2. select required jail by JID, for example 9 for mx1.loc and do:
# jexec 9 tcsh
3. you're in

a.) Login inside the jail. Now add to /etc/rc.conf sshd_enable="YES" and execute:
# /etc/rc.d/sshd start

c.) When you're inside the jail you can install software like in the host system. 
You can use the pkg_add or the ports system.

d.) It requires the use of a firewall, either ipfw or pf.
For example you can add to your /etc/pf.conf: 
nat on lnc0 from 192.168.0.11 to any -> 192.168.37.133 

But the firewall requires more lines than this one to work correctly with all network traffic.
And you have to know exactly what you want to get from using it.

> 
> Probably this is what everybody does, so if you could point me to a 
> tutorial or something, I would appreciate it.
> 
> Thanks,
> 
>   Laszlo
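
A pre-flight check for the two ways of assigning the jail address described in the reply above, as an added example that is not part of the original message. The function names, the `jail_vm1_ip` setting and the sample `ifconfig` and rc.conf text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Sample data is constructed
# and mirrors the addresses in the thread; function names are hypothetical.
SAMPLE_IFCONFIG='lnc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.37.133 netmask 0xffffff00 broadcast 192.168.37.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'
SAMPLE_RCCONF='jail_enable="YES"
jail_list="vm1"
jail_vm1_ip="192.168.0.11"
jail_vm1_interface="lnc0"'

# Print the interface that carries IPv4 address $1 (ifconfig output on stdin).
# Exit status is 1 when no interface has the address.
iface_for_ip() {
    awk -v ip="$1" '
        /^[^ \t]/ { ifc = $1; sub(/:$/, "", ifc) }   # "lnc0: flags=..." header
        $1 == "inet" && $2 == ip { print ifc; found = 1 }
        END { exit !found }'
}

# Print the value of rc.conf variable $1 (rc.conf text on stdin); last one wins.
rc_value() {
    sed -n "s/^$1=\"\\([^\"]*\\)\".*/\\1/p" | tail -n 1
}

# check_jail_ip NAME RCCONF_TEXT IFCONFIG_TEXT
# Prints "present:<if>", "added-at-start:<if>" or "missing" (status 1).
check_jail_ip() {
    ip=$(printf '%s\n' "$2" | rc_value "jail_$1_ip")
    want_if=$(printf '%s\n' "$2" | rc_value "jail_$1_interface")
    if have_if=$(printf '%s\n' "$3" | iface_for_ip "$ip"); then
        echo "present:$have_if"            # alias already on the host
    elif [ -n "$want_if" ]; then
        echo "added-at-start:$want_if"     # the jail start script adds it
    else
        echo "missing"; return 1           # the situation in the question
    fi
}

check_jail_ip vm1 "$SAMPLE_RCCONF" "$SAMPLE_IFCONFIG"
```

On a real host, pass `"$(cat /etc/rc.conf)"` and `"$(ifconfig)"` as the second and third arguments.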

