Date: Fri, 06 Nov 2009 19:59:26 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Bill Moran <wmoran@potentialtech.com>
Cc: Roger <rnodal@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Help understanding basic FreeBSD concepts (ports, updates, jails)
Message-ID: <4AF4801E.9050806@infracaninophile.co.uk>
In-Reply-To: <20091106132232.303cf7c3.wmoran@potentialtech.com>
References: <9d972bed0911060931k4ee2a5b7n9d62db23beeb6367@mail.gmail.com> <4AF4670F.7040103@otenet.gr> <20091106132232.303cf7c3.wmoran@potentialtech.com>

Bill Moran wrote:
> In response to Manolis Kiagias <sonicy@otenet.gr>:
>
>> Roger wrote:
>>
>>> My third item is jails. I currently have only one external IP. I would
>>> like to set up two jails, one for apache and the other for postfix.
>>> Would that require more external IPs? If I wanted to have ssh access
>>> to the host and the jails that would definitely require 3
>>> external IPs right?
>
> You can do some funky address aliasing with (for example) pf or ipfw, but
> it gets rather complex.
>
> So, the answer is, "No, you don't need multiple IPs, but the setup gets
> rather complicated if you don't have multiple IPs. As a result, most
> people who do this will have multiple IPs."
>

Oh, it's not so complex as all that[*]. You will need at least an IP
per jail *but* these don't have to be on the external, world visible
network interface. You can create aliases on the loopback interface for
this purpose.

The downside is that you have to use pf to redirect traffic into the jail
from the outside interface based on some unique combination of IP number
and network port, which means that you can't have eg. sshd(8) in the host
system and in the jail both listening on the external port 22. You either
have to hop through the host system or you have to redirect traffic to
some other ports (eg 2201 for the first jail, 2202 for the second) into
the jailed sshd's.

I sketched out how to do this sort of thing in a post a year or so back:

http://lists.freebsd.org/pipermail/freebsd-questions/2008-March/171748.html

it should be fairly easy to generalise that to multiple jails.

Cheers,

Matthew

[*] Well, alright, yes, it is quite an advanced topic and probably not
something you should be trying before you've got a bit more FreeBSD
experience under your belt.

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
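
The loopback-alias and pf redirect layout described in the message above, generalised to several jails, as an added example that is not part of the original message or the linked post. The interface name `em0`, the `10.66.0.x` addresses, the jail names and the `gen_jail_net` helper are assumptions; the helper refuses any external port already claimed by the host or by another jail, which is the uniqueness constraint the message describes.

```shell
#!/bin/sh
# Assumed values, not from the message: interface, address range, jail names.
EXT_IF="em0"
NET="10.66.0"
HOST_PORTS="22"   # external ports the host's own daemons keep (host sshd)

# gen_jail_net NAME:EXT_PORT:JAIL_PORT ...
# Prints rc.conf loopback aliases (one per jail), then pf.conf rdr rules.
# Returns 1 if an external port is requested twice or belongs to the host.
gen_jail_net() {
    used=" $HOST_PORTS " jails=" " n=0 rc="" pf=""
    for spec in "$@"; do
        name=${spec%%:*}; rest=${spec#*:}
        ext=${rest%%:*}; int=${rest#*:}
        case "$used" in
        *" $ext "*)
            echo "port $ext is already taken, cannot give it to $name" >&2
            return 1 ;;
        esac
        used="$used$ext "
        case "$jails" in
        *" $name="*)   # jail already has an alias: reuse its address
            addr=${jails##* $name=}; addr=${addr%% *} ;;
        *)
            n=$((n + 1)); addr="$NET.$n"
            jails="$jails$name=$addr "
            rc="${rc}ifconfig_lo0_alias$((n - 1))=\"inet $addr netmask 255.255.255.255\"
" ;;
        esac
        pf="${pf}rdr pass on \$ext_if inet proto tcp from any to (\$ext_if) port $ext -> $addr port $int
"
    done
    printf '%s' "# /etc/rc.conf
${rc}# /etc/pf.conf
ext_if = \"$EXT_IF\"
$pf"
}

# The thread's scenario: apache and postfix jails, each with its own sshd.
gen_jail_net www:80:80 www:2201:22 mail:25:25 mail:2202:22
```

Only the inbound redirects are generated; each jail's sshd still listens on port 22 inside the jail, reached from outside on 2201 and 2202.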
