Date: Wed, 4 Dec 2002 12:01:27 -0400 (AST)
From: "Marc G. Fournier" <scrappy@hub.org>
To: Jeff MacDonald <jeff@interchange.ca>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Another Jail Question
Message-ID: <20021204115636.V36076-100000@hub.org>
In-Reply-To: <HJEPJELDKPJEEIIFNLNHAEBLCBAA.jeff@interchange.ca>

On Wed, 4 Dec 2002, Jeff MacDonald wrote:

> Hi,
>
> I have been thinking about running 2 jails on my home server
> one for "work sensitive" data, the other for personal fun stuff.
>
> However I only have 1 ip at my house [static].
>
> Could I take the server that will have jails on it, put it behind
> a natd box so it has 2 ip's [192.168.0.1 and .2] and just make
> the nat box, forward packets to the appropriate jail based upon
> what port they come in on ?

Jeff, check with Chris on this, as I believe he's actually running a game server inside of one of his jails, with his machine running off of the one IP ... in fact, and I may be wrong about this, but you *should* be able to avoid the other machine altogether and use IPFW for this, as I *believe* (haven't played with it yet) IPFW has a redirect facility that might do it for you ... so you'd have to use dummynet to create a 'fake ethernet' for the 192.168.0.* address(es) for the jails to bind on ...

> also, if I have host machine with 2 jails in it, I know I can't run
> PostgreSQL in the jails, can I run it on the host environment and make
> the jails access it via TCP ?

Actually, you *can* run PgSQL inside of the jail ... the issue is that there are security implications of doing that ... the shared memory isn't "per jail", so someone in another jail could attach to the shared memory in another jail ... by default, shared memory access is disabled inside a jail, but there is a sysctl value you can set to enable it ... but, yes, you can access the server via tcp at the host level as well ...

> server is a dual PII 300 with 512 megs of ram, this should be fine
> to handle 2 jails, right ?

unless you start getting into high memory circumstances (ie. jakarta-tomcat is a major dog for memory), 2 wouldn't be a problem ...

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
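
An added example, not part of the original message or of FreeBSD itself: a POSIX sh check for the shared-memory exposure described in the reply, flagging jails whose SysV IPC objects are shared with the host namespace. It assumes the per-jail parameters of current FreeBSD releases (`allow.sysvipc`, and `sysvshm`/`sysvsem`/`sysvmsg` set to `disable`, `inherit` or `new`) as printed by `jls -n`, rather than the global sysctl the message refers to; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Flag jails whose SysV IPC (shared memory, semaphores, message queues)
# is shared with the host namespace, so other jails could attach to it.
# Input format: `jls -n` style lines, one jail per line, space-separated
# name=value pairs; booleans print as allow.X or allow.noX.

audit_jail_sysvipc() {
    # Reads jls -n style lines on stdin; prints "<jail> <reason>" per finding.
    awk '
    {
        name = "?"; n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/) name = substr($i, 6)
            else if ($i == "allow.sysvipc") reasons[++n] = "allow.sysvipc"
            else if ($i ~ /^sysv(shm|sem|msg)=inherit$/) reasons[++n] = $i
        }
        for (j = 1; j <= n; j++) print name, reasons[j]
    }'
}

# Constructed sample input, not captured from a real host.
SAMPLE='jid=1 name=work allow.nosysvipc sysvmsg=disable sysvsem=disable sysvshm=disable
jid=2 name=fun allow.nosysvipc sysvmsg=new sysvsem=new sysvshm=new
jid=3 name=pgsql allow.sysvipc sysvmsg=inherit sysvsem=inherit sysvshm=inherit'

# Number of findings in the constructed sample.
count_findings() {
    printf '%s\n' "$SAMPLE" | audit_jail_sysvipc | wc -l | tr -d ' '
}

# On a live host: jls -n | audit_jail_sysvipc
printf '%s\n' "$SAMPLE" | audit_jail_sysvipc
```

A jail set to `new` gets its own IPC key namespace, which lets a database run inside the jail without exposing its segments to the others.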