Date: Mon, 10 Dec 2018 10:18:55 +0000 (UTC)
From: Shyaka Rene
To: FreeBSD Questions
Subject: freebsd jails advice

hello, I don't have experience with FreeBSD or system administration, but I need your advice

suppose I have this scenario with 2 computers

1) server (not big just 8GB RAM) machine with virtualbox or openstack installed with any OS
    - virtual machine 1 for java development with eclipse installed
    - virtual machine 2 for php development with eclipse
    - virtual machine 3 for testing anything
all these virtual machines have graphical user interface installed (windows or gnome any OS)
2) client machine for accessing virtual machines using remote desktop or VNC client.

my problem is
Is it possible to change this scenario to FreeBSD and jails with x11server installed on jails and access them using x11client?
1) server machine (freebsd)
    - jail 1 (x11 server)
    - jail 2 (x11 server)
    - jail 3 (x11 server)
2) client machine (access jails with xclient)
thank you for your advice

Date: Mon, 10 Dec 2018 11:51:30 +0000
From: Matthew Seaman
To: freebsd-questions@freebsd.org
Subject: Re: frebsd jails advice

On 10/12/2018 10:17, Shyaka Rene via freebsd-questions wrote:
>
> hello, I don't have experience with FreeBSD or system administration, but I need your advice
>
> suppose I have this scenario with 2 computers
>
> 1) server (not big just 8GB RAM) machine with virtualbox or openstack installed with any OS
>     - virtual machine 1 for java development with eclipse installed
>     - virtual machine 2 for php development with eclipse
>     - virtual machine 3 for testing anything
> all these virtual machines have graphical user interface installed (windows or gnome any OS)
> 2) client machine for accessing virtual machines using remote desktop or VNC client.
>
> my problem is
> Is it possible to change this scenario to FreeBSD and jails with x11server installed on jails
> and access them using x11client?
> 1) server machine (freebsd)
>     - jail 1 (x11 server)
>     - jail 2 (x11 server)
>     - jail 3 (x11 server)
> 2) client machine (access jails with xclient)
> thank you for your advice

Yes, this is certainly possible, but a bit more complicated than you might hope.

You've got the client and server sides of X mixed up. The X server is the bit which controls the display -- i.e. it runs on your laptop or desktop machine. The X client is the piece of software that you are trying to interact with through that display -- so, eclipse in this case. Clients can be run either locally or remotely. It's confusing because it is the other way round from just about any other network accessible service where you run a local client to connect to a server which could also be local but is almost always remote.

So, you don't need an X server in each of the jails. You just need your X capable software in each jail and you need to set the DISPLAY environment variable correctly so that it will talk to your X server on your local desktop.

Please do not use remote X11 access across a network in plaintext. That's roughly of the same order of badness as using things like rsh or rlogin. Instead, set up your jails with ssh and ssh into each of them, forwarding an X connection over SSH (which will typically set up things like DISPLAY appropriately in the environment for you.) This means that the X client only needs to talk on the loopback address in order to feed the traffic into the SSH session. Unfortunately with standard FreeBSD jails, there isn't a loopback interface within the jail, and any attempt to connect to the loopback is transparently redirected to connect to the jail external interface, which kind of confounds the whole security arrangement there. So make sure to write your firewall rules carefully to prevent X traffic egressing from your jails onto the network at large.
You might consider investigating VNET jails, which are new in 12.0-RELEASE (due out Real Soon Now), where individual jails *do* have their own loopback addresses, but these are a bit more complex to set up.

	Cheers,

	Matthew
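
The loopback caveat in the reply above can be checked on the jail host. The following is an added example, not part of the original messages: a POSIX sh function that reads `sockstat -4 -l` style output and reports X11 listeners (TCP 6000-6063) bound to anything other than loopback, which is where the SSH X forwarding listener ends up in a non-VNET jail. The function name `x11_exposed`, the addresses and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag X11 listeners (TCP 6000-6063) not bound to loopback.
# Input on stdin: output in the format of FreeBSD `sockstat -4 -l`.

# Constructed sample. 192.0.2.11 stands in for a non-VNET jail's address:
# sshd asked for a loopback listener on display :10, but the jail remapped
# the bind to its external address. The 127.0.0.1 line is a host-side
# forwarder that really is on loopback.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   192.0.2.11:22         *:*
dev      sshd       2291  9  tcp4   192.0.2.11:6010       *:*
dev      sshd       2417  9  tcp4   127.0.0.1:6011        *:*
root     syslogd    640   6  udp4   192.0.2.11:514        *:*'

# Prints one line per exposed listener: "<address> <port> pid=<pid> <command>"
x11_exposed() {
    awk '
        NR == 1 && $1 == "USER" { next }        # skip the column header
        $5 !~ /^tcp/            { next }        # X11 over the network is TCP
        {
            addr = $6
            n = split(addr, part, ":")
            port = part[n] + 0                  # "*" or junk becomes 0
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            if (port < 6000 || port > 6063) next    # not an X display port
            if (host ~ /^127\./ || host == "::1") next  # loopback is fine
            printf "%s %s pid=%s %s\n", host, port, $3, $2
        }'
}

# Demonstration on the constructed sample. On a real jail host, feed it
# live data instead:  sockstat -4 -l | x11_exposed
printf '%s\n' "$SAMPLE" | x11_exposed
```

Any line this prints is an X display port reachable on a routable address, so it is the traffic the firewall rules need to keep off the network.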