How to connect a jail to the web?

Rocky Borg rrborg at speakeasy.net
Tue Aug 10 13:54:18 UTC 2010


On 8/10/2010 4:01 AM, Brice ERRANDONEA wrote:
> Hello,
>
> I've just created my first FreeBSD jail in order to install a web server inside.
> But I don't know how to connect it to the web. When I try pinging a http
> website, it doesn't work. Of course, it works when I do it from outside the
> jail.
>
> Another problem, probably linked to the first one, I can't run rc within the
> jail, even as the jail's root. It says: permission denied.
>
> Here's how I built and started my jail. I had already run make buildworld when
> upgrading to 8.1 release:
>
> # mkdir /usr/prison
> # cd /usr/src
> # make installworld DESTDIR=/usr/prison
> # make distribution DESTDIR=/usr/prison
> # mount -t devfs devfs /usr/prison/dev
> # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist
> # jail /usr/prison ServeurWeb 192.1.1.1 csh
>
> I guess this must be a very basic question but please help me.
>    

I would highly recommend ezjail for setting up jails, although you 
should still read the handbook on jails so you understand the overall 
mechanics. Reading ezjail's man page makes it very easy to set up and 
deploy new jails in the future. The only thing you need to do inside a 
jail set up with ezjail to connect to the web is put nameservers in 
/etc/resolv.conf.

For setting it up on your host system you can do something like this 
(there are a couple of ways you can do it, I've just found this to be 
the most portable).

host rc.conf
#Put jail on loopback device
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.1.1.1 netmask 255.255.255.0"

# Enable port forwarding and packet filtering
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"

# Jails
ezjail_enable="YES"

host pf.conf, find your interface name via ifconfig
#INTERFACES
ext_if="em0"

# nat from jails to your network card's IP
nat on $ext_if from 10.1.1.0/24 to any -> XXX.XXX.XXX.XXX

Here are some resources I found helpful when I was setting up jails for 
the first time. Be aware some ezjail tutorials are really old and you 
should read the man page first as that is current.

http://www2.budzien.com/wiki/Wiki.jsp?page=UsingEzJail
http://wael.nasreddine.com/blog/jail-servers.html
http://www.jeroen.se/articles/freebsd_jail_laptop_dhcp.php
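
Added example, not part of the original message: a small Python check that a jail address is in private space, sits on the cloned loopback network from rc.conf, and is covered by the pf.conf nat rule. The inputs are constructed from the settings in the reply; 203.0.113.10 is a placeholder for the elided external IP, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed inputs mirroring the reply's host configuration; 203.0.113.10
# is a documentation address standing in for the elided external IP.
RC_CONF = '''
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.1.1.1 netmask 255.255.255.0"
gateway_enable="YES"
pf_enable="YES"
'''
PF_CONF = '''
ext_if="em0"
nat on $ext_if from 10.1.1.0/24 to any -> 203.0.113.10
'''
ASSIGN = re.compile(r'^\s*(\w+)="([^"]*)"', re.M)
NAT = re.compile(r'^\s*nat on \S+ from (\d+\.\d+\.\d+\.\d+(?:/\d+)?) to any ->', re.M)

def parse_assignments(text):
    """Collect NAME="value" lines (rc.conf variables); comment lines are skipped."""
    return dict(ASSIGN.findall(text))

def jail_networks(rc):
    """Networks configured on the cloned interfaces named in rc.conf."""
    nets = []
    for ifname in rc.get("cloned_interfaces", "").split():
        m = re.match(r"inet (\S+) netmask (\S+)", rc.get("ifconfig_" + ifname, ""))
        if m:
            nets.append(ipaddress.ip_interface("/".join(m.groups())).network)
    return nets

def nat_sources(pf_text):
    """Literal IPv4 source networks of pf.conf nat rules (macros/tables skipped)."""
    return [ipaddress.ip_network(s, strict=False) for s in NAT.findall(pf_text)]

def check_jail(addr, rc_text=RC_CONF, pf_text=PF_CONF):
    """Return findings for a jail address checked against the host config."""
    ip, rc = ipaddress.ip_address(addr), parse_assignments(rc_text)
    checks = [
        (ip.is_private, "address is not in private space"),
        (any(ip in n for n in jail_networks(rc)), "address is not on a cloned interface network"),
        (any(ip in n for n in nat_sources(pf_text)), "no nat rule covers the address"),
        (rc.get("gateway_enable", "").upper() == "YES", "gateway_enable is not YES"),
        (rc.get("pf_enable", "").upper() == "YES", "pf_enable is not YES"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    for addr in ("10.1.1.2", "192.1.1.1"):  # second is the address from the question
        print(addr, check_jail(addr) or "ok")
```

Run against the real files by passing their contents as rc_text and pf_text; nat rules whose source is a macro or table are not evaluated by this check.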



