Can a home LAN server use a jail as a router?

Da Rock freebsd-questions at
Mon Dec 6 03:57:19 UTC 2010

On 12/06/10 12:29, Xn Nooby wrote:
> Hello.  Is it possible to use FreeBSD to create three "jails" on one
> box, so that one jail can be a router to the internet, and the other
> two can be webservers?  I wanted to create an environment where if one
> webserver got compromised, the other webserver would be unaffected. I
> have old hardware, so I do not have hardware VT in the chip. I thought
> I previously read that a jail could only have 1 NIC, but I have not
> been able to confirm that. That would spoil my router plan, if true.
> I'm more familiar with Linux than FreeBSD, but Linux seems to be
> moving from Xen towards KVM (which requires VT).  I could use Xen,
> probably on Debian if I did. Xen seems to require a specially built
> Linux kernel on Debian, and I'm not sure I like that.
> I'd also like to set up a personal samba file-server, but I'm deathly
> afraid the machine would get hacked while wired to the net. So I would
> also like to make a jail to be a samba server.
> All these jails are predicated on one of them being able to act as a
> router between the internet and my home LAN. I want some "jails" to
> talk the internet (via the router jail), and some "jails" to only be
> available in my house.
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"
You can have more than one IP, but the actual config of specific NICs is 
done by the host. As for being a router I don't know- I'm not sure you 
can access the sysctl needed, or whether the sysctl will affect the host 
(and therefore other services and jails). And thirdly I'm not sure of 
the validity of it.

Jail your services and run a firewall (pf?) on the host. That will 
control who can get to what, and allow you to 'route' your network the 
way you want to. I'm sure someone else could point out any security 
flaws in this scenario, but it should do what you want and be relatively 

I'd be reading up on Jails and understanding exactly what they are and 
what they are not too. They aren't actual 'emulators' per se, they are 
more a locked up chroot system. Make sure that is exactly what you 


More information about the freebsd-questions mailing list