From owner-freebsd-questions@FreeBSD.ORG Tue Aug 10 13:54:18 2010
Message-ID: <4C615A06.3020601@speakeasy.net>
Date: Tue, 10 Aug 2010 06:54:14 -0700
From: Rocky Borg
To: freebsd-questions@freebsd.org
References: <268321.67123.qm@web24608.mail.ird.yahoo.com>
In-Reply-To: <268321.67123.qm@web24608.mail.ird.yahoo.com>
Subject: Re: How to connect a jail to the web ?

On 8/10/2010 4:01 AM, Brice ERRANDONEA wrote:
> Hello,
>
> I've just created my first FreeBSD jail in order to install a web server inside.
> But I don't know how to connect it to the web. When I try pinging a http
> website, it doesn't work. Of course, it works when I do it from outside the
> jail.
>
> Another problem, probably linked to the first one, I can't run rc within the
> jail, even as the jail's root. It says : permission denied.
>
> Here's how I built and started my jail. I had already run make buildworld when
> upgrading to 8.1 release :
>
> # mkdir /usr/prison
> # cd /usr/src
> # make installworld DESTDIR=/usr/prison
> # make distribution DESTDIR=/usr/prison
> # mount -t devfs devfs /usr/prison/dev
> # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist
> # jail /usr/prison ServeurWeb 192.1.1.1 csh
>
> I guess this must be a very basic question but please help me.
>

I would highly recommend ezjail for setting up jails, although you should
still read the handbook on jails so you understand the overall mechanics.
Reading ezjail's man page makes it very easy to set up and deploy new jails
in the future.

The only thing you need to do inside a jail set up with ezjail to connect to
the web is put nameservers in /etc/resolv.conf.

For setting it up on your host system you can do something like this (there
are a couple of ways you can do it; I've just found this to be the most
portable).

host rc.conf

#Put jail on loopback device
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.1.1.1 netmask 255.255.255.0"

# Enable port forwarding and packet filtering
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"

# Jails
ezjail_enable="YES"

host pf.conf, find your interface name via ifconfig

#INTERFACES
ext_if="em0"

# nat from jails to your network card's IP
nat on $ext_if from 10.1.1.0/24 to any -> XXX.XXX.XXX.XXX

Here are some resources I found helpful when I was setting up jails for the
first time. Be aware some ezjail tutorials are really old and you should read
the man page first as that is current.

http://www2.budzien.com/wiki/Wiki.jsp?page=UsingEzJail
http://wael.nasreddine.com/blog/jail-servers.html
http://www.jeroen.se/articles/freebsd_jail_laptop_dhcp.php
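
A host-side check for the setup described in the reply above, as an added example that is not part of the original message: it reads an rc.conf and a pf.conf and reports which of the quoted settings (lo1 clone, forwarding, pf, a nat rule for the jail network) are missing or still carry the XXX placeholder. The function names, the /24 assumption and the sample files are constructed for illustration.

```sh
#!/bin/sh
# rc_value FILE KEY: print the last KEY="value" assignment in an rc.conf file.
rc_value() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# check_jail_nat RC_CONF PF_CONF: print findings, return the number of problems.
check_jail_nat() {
    rc=$1; pf=$2; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    case " $(rc_value "$rc" cloned_interfaces) " in
        *" lo1 "*) ;;
        *) fail "lo1 missing from cloned_interfaces" ;;
    esac
    jail_ip=$(rc_value "$rc" ifconfig_lo1 |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") print $(i + 1) }')
    [ -n "$jail_ip" ] || fail "ifconfig_lo1 sets no inet address"
    for knob in gateway_enable pf_enable; do
        case $(rc_value "$rc" "$knob") in
            [Yy][Ee][Ss]) ;;
            *) fail "$knob is not YES" ;;
        esac
    done
    # Assumes the /24 netmask used in the message.
    net="${jail_ip%.*}.0/24"
    target=$(awk -v net="$net" '$1 == "nat" && $2 == "on" {
        for (i = 3; i < NF; i++) if ($i == "from" && $(i + 1) == net) print $NF
    }' "$pf")
    case $target in
        "") fail "no nat rule with source $net" ;;
        *X*) fail "nat target is still the placeholder $target" ;;
    esac
    return "$problems"
}

# Constructed sample files holding the settings quoted in the message.
demo=$(mktemp -d)
cat > "$demo/rc.conf" <<'EOF'
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.1.1.1 netmask 255.255.255.0"
gateway_enable="YES"
pf_enable="YES"
EOF
cat > "$demo/pf.conf" <<'EOF'
ext_if="em0"
nat on $ext_if from 10.1.1.0/24 to any -> XXX.XXX.XXX.XXX
EOF
check_jail_nat "$demo/rc.conf" "$demo/pf.conf" || echo "$? problem(s) found"
rm -rf "$demo"
```

Run against the real files with `check_jail_nat /etc/rc.conf /etc/pf.conf`; a zero exit status means every setting from the message is present and the nat target has been filled in.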