Date:      Wed, 11 Aug 2010 08:02:57 +0800
From:      Fbsd8 <fbsd8@a1poweruser.com>
To:        Brice ERRANDONEA <berrandonea@yahoo.fr>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: How to connect a jail to the web ?
Message-ID:  <4C61E8B1.7050605@a1poweruser.com>
In-Reply-To: <268321.67123.qm@web24608.mail.ird.yahoo.com>
References:  <268321.67123.qm@web24608.mail.ird.yahoo.com>

Brice ERRANDONEA wrote:
> Hello,
> 
> I've just created my first FreeBSD jail in order to install a web server inside. 
> But I don't know how to connect it to the web. When I try pinging a http 
> website, it doesn't work. Of course, it works when I do it from outside the 
> jail.
> 
> Another problem, probably linked to the first one, I can't run rc within the 
> jail, even as the jail's root. It says : permission denied.
> 
> Here's how I built and started my jail. I had already run make buildworld when 
> upgrading to 8.1 release :
> 
> # mkdir /usr/prison
> # cd /usr/src
> # make installworld DESTDIR=/usr/prison
> # make distribution DESTDIR=/usr/prison
> # mount -t devfs devfs /usr/prison/dev
> # jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist
> # jail /usr/prison ServeurWeb 192.1.1.1 csh
> 
> I guess this must be a very basic question but please help me.
> 
> 

1. ping is a security risk from within a jail and is disabled by design
(read jail(8) for details). No use using a jail if the first thing you
do is re-enable ping in the jail. To test for public internet connection
from within a jail, use dig or whois commands.

2. Using the host's firewall to drive traffic to a jail is a sign you
have your jail incorrectly configured or do not understand how jails are
intended to work.

3. Jails do not have a network stack of their own, so they can't have a
firewall. The host's firewall and network stack are in control.

4. There are 2 utilities for creating jails. Qjail, the better documented
of the 2, is designed for the novice, which clearly you are. I strongly
suggest you check out
http://sourceforge.net/projects/qjail






