To: freebsd-questions@freebsd.org
From: Michael Powell
Date: Sun, 21 Mar 2010 18:16:07 -0400
Subject: Re: ezjail

Mark Shroyer wrote:

> On 3/21/2010 1:10 AM, Aiza wrote:
>> I don't have sources installed on my system. Just use the binary
>> Freebsd-update function. At new releases I do a clean install.
>> I only have a single public IP address.
>>
>> Now I would like to play with jails. One for postfix, apache, and ftp.
>> My reading of EZJAIL and the jails section of the handbook lead me to
>> believe I need a unique IP address for each jail. Is that correct?
>
> Yes. But if you have only one public IP address, you can give the jail
> a loopback interface with an address in 127.0.0/24 or one of the RFC
> 1918 private blocks (there's some debate as to which is the more
> "correct" type of address to use, but either will work), then use NAT if
> you need your jail to be able to access the Internet.
>
> If it helps you to reason about this, keep in mind that your jail does
> *not* have its own virtualized network stack, like with Solaris Zones
> for instance. The best way to think about your jails is as a group of
> processes running on the same operating system as the host, just with
> the restriction that (among other things) they can only communicate with
> the outside world using a limited subset of the IP addresses available
> to non-jailed processes.
>

You might find the below interesting. Only just begun reading/studying it
myself.

http://www.freebsd.org/releases/8.0R/relnotes-detailed.html#KERNEL

[snip]

-Mike
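
The loopback-plus-NAT layout described in the quoted reply, as an added configuration example that is not part of the original thread. The interface names (em0, lo1), the 10.0.0.0/24 addresses and the jail-to-address mapping are assumptions; the inbound rdr rule goes one step beyond the reply, which only covers outbound NAT.

```conf
# --- /etc/rc.conf (host) ---
# Dedicated cloned loopback that carries one private address per jail.
# All addresses below are illustrative RFC 1918 values.
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.0.0.1 netmask 255.255.255.255"          # postfix jail
ifconfig_lo1_alias0="inet 10.0.0.2 netmask 255.255.255.255"   # apache jail
ifconfig_lo1_alias1="inet 10.0.0.3 netmask 255.255.255.255"   # ftp jail
pf_enable="YES"
ezjail_enable="YES"

# --- /etc/pf.conf (host) ---
ext_if   = "em0"            # assumed name of the interface holding the public IP
jail_net = "10.0.0.0/24"    # covers every jail address configured on lo1
jail_www = "10.0.0.2"       # apache jail

# Outbound: rewrite jail source addresses to the single public address.
# ($ext_if) in parentheses follows the interface if its address changes.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: expose only the port a jail is meant to serve; everything else
# bound to the jail's private address stays unreachable from outside.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $jail_www port 80
```

Because the jails share the host's network stack, pf runs only on the host and daemons on the host should bind to specific addresses rather than the wildcard, so they do not also answer on the jail addresses.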