Mark Shroyer subscriber+freebsd at markshroyer.com
Mon Mar 22 01:44:46 UTC 2010

On 3/21/2010 8:21 PM, Aiza wrote:
> Does the ip address notation for the jail include the port number?
> Like Nat port forwarding is the long way around just to get
> the correct port number to the jail ip address.

Nope, jails are assigned one (or more) specific IP addresses, but not
specific port numbers.  So if you don't have a separate public IP for
your jail, you'll be relying on some sort of packet filter to redirect
traffic to its private IP address.

This isn't as big a deal as it may sound, especially if you're already
using PF, which has built-in packet redirection capabilities that do not
require you to run a separate NAT daemon.

> I found the man ezjail-admin has this format
> ezjail-admin install -h file://   Where -h file:// means get the
> binaries from the host system the jails are running on.  Am I correct?

Yes, according to the man page.  I haven't tried it yet myself, since I
set up my basejail before this option was available.

> My understanding of handbook section 15.6 Application of Jails
> (service jails)is a copy of the host binaries is populated into the
> basejail and all the other jails have read only access to it. Each guest
> jail also has a read/write space for installing ports/packages unique to
> that jail including /var /usr /etc.  Am I correct? Is this how ezjail is
> configured now?

Yes, that's correct.

Mark Shroyer

More information about the freebsd-questions mailing list