Hi all,
I have installed one FreeBSD 9.0-RC1 host to run different services
(dns, smtp and www only) using jails. This host has two physical nics:
em0 and em1. em0 is assigned to pyhiscal host, and I would like to
assign em1 to jails. But em0 and em1 are on different networks: em0 is
on 192.168.1.0/24 and em1 in 192.168.2.0/29.
I have setup one jail using ezjail. My first surprise is that ezjail
only installs -RELEASE versions and not RC versions. Ok, I supouse that
it is normal. But my first question is: can I install a FreeBSD 8.2 jail
under a FreeBSD 9.0 host??
And the real question: How do I need to configure network under this
jail to access it? I have configured ifconfig param for em1 on host's
rc.conf, but what about the default route under this jail?? I thought to
use pf rules, but I am not sure.
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
On Tue, Oct 25, 2011 at 11:52 PM, carlopmart <carlopmart@gmail.com> wrote:> Hi all, > > ?I have installed one FreeBSD 9.0-RC1 host to run different services (dns, > smtp and www only) using jails. This host has two physical nics: em0 and > em1. em0 is assigned to pyhiscal host, and I would like to assign em1 to > jails. But em0 and em1 are on different networks: em0 is on 192.168.1.0/24 > and em1 in 192.168.2.0/29. > > ?I have setup one jail using ezjail. My first surprise is that ezjail only > installs -RELEASE versions and not RC versions. Ok, I supouse that it is > normal. But my first question is: can I install a FreeBSD 8.2 jail under a > FreeBSD 9.0 host??ezjail doesn't necessarily install a release version. < ezjail-admin update -p -i > will install the basejail from your source.> ?And the real question: How do I need to configure network under this jail > to access it? I have configured ifconfig param for em1 on host's rc.conf, > but what about the default route under this jail?? I thought to use pf > rules, but I am not sure.gateway_enable="YES" should take care of this.> > Thanks. > -- > CL Martinez > carlopmart {at} gmail {d0t} com > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >Regards -- George Kontostanos aisecure.net
Le Tue, 25 Oct 2011 22:52:55 +0200, carlopmart <carlopmart@gmail.com> a ?crit : Hello,> I have installed one FreeBSD 9.0-RC1 host to run different services > (dns, smtp and www only) using jails. This host has two physical > nics: em0 and em1. em0 is assigned to pyhiscal host, and I would like > to assign em1 to jails. But em0 and em1 are on different networks: > em0 is on 192.168.1.0/24 and em1 in 192.168.2.0/29. > > I have setup one jail using ezjail. My first surprise is that > ezjail only installs -RELEASE versions and not RC versions. Ok, I > supouse that it is normal. But my first question is: can I install a > FreeBSD 8.2 jail under a FreeBSD 9.0 host??You may run 8.2 installed ports on 9.0 by using the port /usr/ports/misc/compat8x/ But I suggest to upgrade the port ASAP.> And the real question: How do I need to configure network under > this jail to access it? I have configured ifconfig param for em1 on > host's rc.conf, but what about the default route under this jail?? I > thought to use pf rules, but I am not sure.jail enforces the use of the jail IP address in the jail, but that's all. Just enable routing on the host. Also be sure that the host's daemons don't bind on the jail IP address, as explained in the man page of jail (Setting up the Host Environment). Regards.
>> I have setup one jail using ezjail. My first surprise is that >> ezjail only installs -RELEASE versions and not RC versions. Ok, I >> supouse that it is normal. But my first question is: can I install a >> FreeBSD 8.2 jail under a FreeBSD 9.0 host??I have upgraded my ezjails using something like: env UNAME_r="8.2-RELEASE" freebsd-update -b /usr/jails/basejail -r 9.0-RC1 upgrade install This is some hassle, for example, one has to upgrade /etc and /var in /usr/jails/newjail by hand. (And maybe even more, not completely sure there.)
On 10/26/2011 08:09 AM, legolas@legolasweb.nl wrote:> >>> I have setup one jail using ezjail. My first surprise is that >>> ezjail only installs -RELEASE versions and not RC versions. Ok, I >>> supouse that it is normal. But my first question is: can I install a >>> FreeBSD 8.2 jail under a FreeBSD 9.0 host?? > > I have upgraded my ezjails using something like: > env UNAME_r="8.2-RELEASE" freebsd-update -b /usr/jails/basejail -r 9.0-RC1 > upgrade install > > This is some hassle, for example, one has to upgrade /etc and /var in > /usr/jails/newjail by hand. (And maybe even more, not completely sure > there.) >is not possible to update the jail using "ejzail-admin update -u" instead of use freebsd-update directly?? -- CL Martinez carlopmart {at} gmail {d0t} com
> On 10/26/2011 08:09 AM, legolas@legolasweb.nl wrote: >> >>>> I have setup one jail using ezjail. My first surprise is that >>>> ezjail only installs -RELEASE versions and not RC versions. Ok, I >>>> supouse that it is normal. But my first question is: can I install a >>>> FreeBSD 8.2 jail under a FreeBSD 9.0 host?? >> >> I have upgraded my ezjails using something like: >> env UNAME_r="8.2-RELEASE" freebsd-update -b /usr/jails/basejail -r >> 9.0-RC1 >> upgrade install >> >> This is some hassle, for example, one has to upgrade /etc and /var in >> /usr/jails/newjail by hand. (And maybe even more, not completely sure >> there.) >> > > is not possible to update the jail using "ejzail-admin update -u" > instead of use freebsd-update directly?? >Updating can be done, upgrading not. (Thus, a security update can be done, a full version not, if I understand it correctly.) This functionality exists (prematurely) in CVS: https://erdgeist.org/cvsweb/ezjail/ezjail-admin.diff?r1=1.263&r2=1.264&f=h