From owner-freebsd-jail@FreeBSD.ORG Mon Apr 28 11:07:04 2008
Date: Mon, 28 Apr 2008 11:07:04 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
X-BeenThere: freebsd-jail@freebsd.org
List-Id: "Discussion about FreeBSD jail\(8\)"

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
s kern/89528   jail       [jail] [patch] impossible to kill a jail
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail

2 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with
o kern/68192   jail       [quotas] [jail] Cannot use quotas on jailed systems
o kern/72498   jail       [libc] [jail] timestamp code on jailed SMP machine gen
o kern/74314   jail       [resolver] [jail] DNS resolver broken under certain ja
o kern/84215   jail       [jail] [patch] wildcard ip (INADDR_ANY) should not bin
o kern/89989   jail       [jail] [patch] Add option -I (ASCII 73) PID to specif
o kern/97071   jail       [jail] [patch] add security.jail.jid sysctl
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/119305   jail       [jail] [patch] jexec(8): jexec -n prisonname: selectio
o kern/120753  jail       [jail] Zombie jails (jailed child process exits while

10 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Apr 28 14:52:41 2008
Date: Mon, 28 Apr 2008 09:52:30 -0500
From: Nicolas de Bari Embriz Garcia Rojas
To: freebsd-pf@freebsd.org
Cc: freebsd-jail@freebsd.org
Subject: routing gif0 ipsec

Hi all, I am trying to all traffic from a gif0 interface used for a vpn
to a public IP on the same server that is like an alias

I have the following schema (FreeBSD 6.3)

gif0: flags=8051 mtu 1280
        tunnel inet 67.228.79.224 --> 74.86.163.16
        inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff

em1: flags=8843 mtu 1500
        options=1b
        inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
        inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224

The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/telnet
to 172.16.16.1 and get a response.

The jail is running on IP 67.228.79.224 (same IP used for doing the
VPN/IPSEC) but if I log in to that jail (jexec 1 csh) I can not ping
172.16.16.1

currently I am trying this with pf
--
nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224

pass in log from any to any keep state
pass out log from any to any keep state
--
but is not working, from the jail (67.228.79.224) I can not ping/telnet
the VPN 172.16.16.1

there is a tool called jumpgate with the one I can redirect incoming tcp
to gif0 and forward traffic to em1 without problems, but instead I would
like to use pf

jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224

with this I can telnet from the other end point to port 80 and I can
forward the connection to the public IP of the jail through the vpn tunnel.

any ideas on how to solve this issue using pf or maybe some routing rules.

regards.

From owner-freebsd-jail@FreeBSD.ORG Mon Apr 28 15:56:49 2008
Date: Mon, 28 Apr 2008 10:51:23 -0500
From: Nicolas de Bari Embriz Garcia Rojas
To: freebsd-jail@freebsd.org
Subject: routing gif0 ipsec

Hi all, I am trying to all traffic from a gif0 interface used for a vpn
to a public IP on the same server that is like an alias

I have the following schema (FreeBSD 6.3)

gif0: flags=8051 mtu 1280
        tunnel inet 67.228.79.224 --> 74.86.163.16
        inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff

em1: flags=8843 mtu 1500
        options=1b
        inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
        inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224

The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/telnet
to 172.16.16.1 and get a response.

The jail is running on IP 67.228.79.224 (same IP used for doing the
VPN/IPSEC) but if I log in to that jail (jexec 1 csh) I can not ping
172.16.16.1

currently I am trying this with pf
--
nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224

pass in log from any to any keep state
pass out log from any to any keep state
--
but is not working, from the jail (67.228.79.224) I can not ping/telnet
the VPN 172.16.16.1

there is a tool called jumpgate with the one I can redirect incoming tcp
to gif0 and forward traffic to em1 without problems, but instead I would
like to use pf

jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224

with this I can telnet from the other end point to port 80 and I can
forward the connection to the public IP of the jail through the vpn tunnel.

any ideas on how to solve this issue using pf or maybe some routing rules.

regards.

From owner-freebsd-jail@FreeBSD.ORG Mon Apr 28 18:26:30 2008
Date: Mon, 28 Apr 2008 19:59:33 +0200
From: Jille
To: Nicolas de Bari Embriz Garcia Rojas
Cc: freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: routing gif0 ipsec

Hello Nicolas,

Would you mind stopping to send your (same) email to all mailing lists,
twice or more?
I've seen your problem in 7 mails already, I don't know a solution, but
as you can see most people don't know it.
It doesn't help resending it each time.

I'm sorry for acting like a list-operator, but I think I speak for more
people on the lists.

-- Jille

Nicolas de Bari Embriz Garcia Rojas wrote:
> Hi all, I am trying to all traffic from a gif0 interface used for a vpn
> to a public IP on the same server that is like an alias
>
> I have the following schema (FreeBSD 6.3)
>
>
> gif0: flags=8051 mtu 1280
>         tunnel inet 67.228.79.224 --> 74.86.163.16
>         inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff
>
> em1: flags=8843 mtu 1500
>         options=1b
>         inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
>         inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224
>
>
> The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/telnet
> to 172.16.16.1 and get a response.
>
> The jail is running on IP 67.228.79.224 (same IP used for doing the
> VPN/IPSEC) but if I log in to that jail (jexec 1 csh) I can not ping
> 172.16.16.1
>
> currently I am trying this with pf
> --
> nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
> rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224
>
> pass in log from any to any keep state
> pass out log from any to any keep state
> --
> but is not working, from the jail (67.228.79.224) I can not ping/telnet
> the VPN 172.16.16.1
>
> there is a tool called jumpgate with the one I can redirect incoming tcp
> to gif0 and forward traffic to em1 without problems, but instead I would
> like to use pf
>
> jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224
>
> with this I can telnet from the other end point to port 80 and I can
> forward the connection to the public IP of the jail through the vpn tunnel.
>
> any ideas on how to solve this issue using pf or maybe some routing rules.
>
> regards.
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 29 18:18:15 2008
Date: Tue, 29 Apr 2008 13:18:08 -0500
From: Nicolas de Bari Embriz Garcia Rojas
To: freebsd-pf@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: routing gif0 ipsec

Hi all, the solution to my problem was to recompile the kernel with this
option:

#options IPSEC_FILTERGIF

now I can route/nat traffic with pf without any problems, hope this can
help someone.

regards

>
>
> Nicolas de Bari Embriz Garcia Rojas wrote:
>> Hi all, I am trying to all traffic from a gif0 interface used for a
>> vpn to a public IP on the same server that is like an alias
>> I have the following schema (FreeBSD 6.3)
>> gif0: flags=8051 mtu 1280
>>         tunnel inet 67.228.79.224 --> 74.86.163.16
>>         inet 172.16.224.1 --> 172.16.16.1 netmask 0xffffffff
>> em1: flags=8843 mtu 1500
>>         options=1b
>>         inet 67.228.78.162 netmask 0xfffffff8 broadcast 67.228.78.167
>>         inet 67.228.79.224 netmask 0xffffffff broadcast 67.228.79.224
>> The VPN from point 172.16.224.1 --> 172.16.16.1 works, I can ping/
>> telnet to 172.16.16.1 and get a response.
>> The jail is running on IP 67.228.79.224 (same IP used for doing the
>> VPN/IPSEC) but if I log in to that jail (jexec 1 csh) I can not
>> ping 172.16.16.1
>> currently I am trying this with pf
>> --
>> nat pass on gif0 from 67.228.79.224 to 172.16.16.1 -> 172.16.224.1
>> rdr pass on gif0 proto tcp from any to any port 80 -> 67.228.79.224
>> pass in log from any to any keep state
>> pass out log from any to any keep state
>> --
>> but is not working, from the jail (67.228.79.224) I can not ping/
>> telnet the VPN 172.16.16.1
>> there is a tool called jumpgate with the one I can redirect incoming
>> tcp to gif0 and forward traffic to em1 without problems, but
>> instead I would like to use pf
>> jumpgate -b 172.16.224.1 -l 80 -r 80 -a 67.228.79.224
>> with this I can telnet from the other end point to port 80 and I can
>> forward the connection to the public IP of the jail through the vpn
>> tunnel.
>> any ideas on how to solve this issue using pf or maybe some routing
>> rules.
>> regards.

From owner-freebsd-jail@FreeBSD.ORG Tue Apr 29 22:35:59 2008
Date: Wed, 30 Apr 2008 00:08:32 +0200
From: Jeremie Le Hen
To: Jeffrey Smith
Cc: freebsd-jail@freebsd.org
Subject: Re: freebsd-update on jails

Hi Jeffrey,

On Sun, Apr 20, 2008 at 03:49:39PM -0400, Jeffrey Smith wrote:
> I previously posted a howto to use zfs to manage jails. The first

Could you remind us of the URL of this howto please?

Thanks.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From owner-freebsd-jail@FreeBSD.ORG Wed Apr 30 01:04:06 2008
Date: Wed, 30 Apr 2008 03:04:19 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-jail@freebsd.org
Subject: Re: freebsd-update on jails

Jeremie Le Hen wrote:
> Hi Jeffrey,
>
> On Sun, Apr 20, 2008 at 03:49:39PM -0400, Jeffrey Smith wrote:
>
>> I previously posted a howto to use zfs to manage jails. The first
>
>
> Could you remind us of the URL of this howto please?

It was in this mailing list in March with subject "ZFS Jails Management"

Miroslav Lachman

From owner-freebsd-jail@FreeBSD.ORG Wed Apr 30 09:36:34 2008
Date: Wed, 30 Apr 2008 05:36:20 -0400
From: Jeffrey Smith
To: Jeremie Le Hen
Cc: freebsd-jail@freebsd.org
Subject: Re: freebsd-update on jails

On Wed, 2008-04-30 at 00:08 +0200, Jeremie Le Hen wrote:
> Hi Jeffrey,
>
> On Sun, Apr 20, 2008 at 03:49:39PM -0400, Jeffrey Smith wrote:
> > I previously posted a howto to use zfs to manage jails. The first
>
> Could you remind us of the URL of this howto please?
>
> Thanks.
> Regards,

I posted it here to this list, looking for recommendations. The only
update I have for it is that freebsd-update doesn't work as ZFS doesn't
yet support chflags. Other than that I am very happy with this setup.
Can't wait for ZFS to mature to the point for this to work flawlessly.

Here it is again

ZFS Jails

#zpool create pool
#zfs create -o mountpoint=/jails pool/jails
#zfs create pool/jails/jailbase
#mkdir -p /jails/7.0-RELEASE/base /jails/7.0-RELEASE/manpages
#cd /jails/7.0-RELEASE/base

NOTE: Files can also be copied from Disc1 cdrom

#ftp ftp.freebsd.org:/pub/FreeBSD/releases/amd64/7.0-RELEASE/base/
ftp>mget *
ftp>cd ../manpages
ftp>lcd ../manpages
ftp>mget *
ftp>exit
#export DESTDIR=/jails/jailbase
#sh install.sh
#cd ../manpages
#sh install.sh
#export DESTDIR=""
#mkdir -p /jails/jailbase/usr/ports
#mount_nullfs /usr/ports /jails/jailbase/usr/ports
#touch /jails/jailbase/etc/fstab
#cp /etc/resolv.conf /jails/jailbase/etc
#vi /etc/rc.conf

#
# Jail Defaults
#
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_interface="bge0"
jail_devfs_enable="YES"
jail_list="jailbase"
#
# jailbase.example.org
#
jail_jailbase_hostname="jailbase.example.org"
jail_jailbase_ip="192.168.0.50"
jail_jailbase_rootdir="/jails/jailbase"
:wq

#/etc/rc.d/jail start
#jls
#jexec 1 tcsh
#set autolist

NOTE: freebsd-update does not work, as ZFS does not support chflags.
looking for a work around

Install ports or package that all jails will require, such as bash and
vim-lite

#exit

Back to host

#zfs snapshot pool/jails/jailbase@YYYYMMDD#
#zfs clone pool/jails/jailbase@YYYYMMDD# pool/jails/ns
#zfs clone pool/jails/jailbase@YYYYMMDD# pool/jails/mail
#zfs clone pool/jails/jailbase@YYYYMMDD# pool/jails/www
#vi /etc/rc.conf

...snip...
jail_list="jailbase ns mail www"
...snip...
#
# ns.example.org
#
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.51"
jail_ns_rootdir="/jails/ns"
#
# mail.example.org
#
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.0.52"
jail_mail_rootdir="/jails/mail"
#
# www.example.org
#
jail_www_hostname="www.example.org"
jail_www_ip="192.168.0.53"
jail_www_rootdir="/jails/www"
:wq

#/etc/rc.d/jail start
#jls
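
Added example, not part of the original post: per-jail rc.conf blocks like the ones in the howto above are usually copied and edited by hand, and a variable name left unchanged (for example a jail_ns_rootdir line under the mail block) leaves one jail without a root directory while silently repointing another. The sketch below lints such a file before the jails are started; check_jail_conf and sample_conf are hypothetical names, and the sample configuration is constructed from the howto's hostnames and addresses.

```shell
#!/bin/sh
# Added example: lint rc.conf-style jail settings before /etc/rc.d/jail start.

# Reads rc.conf text from the files given as arguments (or stdin) and prints
# one finding per line. Returns 1 if there is any finding, 0 otherwise.
# Assumes one VAR="value" assignment per line with no trailing comment.
check_jail_conf() {
    awk '
    BEGIN { split("hostname ip rootdir", field) }
    /^[ \t]*#/ || !/=/ { next }            # skip comments and non-assignments
    {
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = substr($0, index($0, "=") + 1)
        sub(/[ \t]+$/, "", val); gsub(/^"|"$/, "", val)
        # rc.conf is sourced by sh, so a repeated name silently wins.
        if (key in line) {
            printf "REDEFINED %s: line %d replaced by line %d\n", key, line[key], NR
            bad++
        }
        line[key] = NR; conf[key] = val
    }
    END {
        n = split(conf["jail_list"], jails)
        for (i = 1; i <= n; i++) {
            j = jails[i]
            for (s = 1; s <= 3; s++) {
                key = "jail_" j "_" field[s]
                if (!(key in conf)) {
                    printf "MISSING %s (jail %s is in jail_list)\n", key, j
                    bad++; continue
                }
                if (field[s] == "hostname") continue
                # Two jails on one IP or one root directory are not isolated.
                id = field[s] " " conf[key]
                if (id in owner) {
                    printf "SHARED %s: jails %s and %s\n", id, owner[id], j
                    bad++
                } else owner[id] = j
            }
        }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample: the mail block sets jail_ns_rootdir by mistake.
sample_conf() {
    cat <<'EOF'
jail_enable="YES"
jail_list="jailbase ns mail www"
jail_jailbase_hostname="jailbase.example.org"
jail_jailbase_ip="192.168.0.50"
jail_jailbase_rootdir="/jails/jailbase"
jail_ns_hostname="ns.example.org"
jail_ns_ip="192.168.0.51"
jail_ns_rootdir="/jails/ns"
jail_mail_hostname="mail.example.org"
jail_mail_ip="192.168.0.52"
jail_ns_rootdir="/jails/mail"
jail_www_hostname="www.example.org"
jail_www_ip="192.168.0.53"
jail_www_rootdir="/jails/www"
EOF
}

sample_conf | check_jail_conf || echo "fix rc.conf before starting the jails"
```

On a real host the function would be run as check_jail_conf /etc/rc.conf; a non-zero exit status means at least one jail in jail_list would start with missing or shared settings.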