From: Mark Shroyer
Date: Sun, 21 Mar 2010 21:44:43 -0400
To: freebsd-questions@freebsd.org
Subject: Re: ezjail

On 3/21/2010 8:21 PM, Aiza wrote:
> Does the ip address notation for the jail include the port number?
> Like 10.0.20.2:80 Nat port forwarding is the long way around just to get
> the correct port number to the jail ip address.

Nope, jails are assigned one (or more) specific IP addresses, but not
specific port numbers. So if you don't have a separate public IP for
your jail, you'll be relying on some sort of packet filter to redirect
traffic to its private IP address.

This isn't as big a deal as it may sound, especially if you're already
using PF, which has built-in packet redirection capabilities that do not
require you to run a separate NAT daemon.

> I found the man ezjail-admin has this format
> ezjail-admin install -h file:// Where -h file:// means get the
> binaries from the host system the jails are running on. Am I correct?

Yes, according to the man page. I haven't tried it yet myself, since I
set up my basejail before this option was available.

> My understanding of handbook section 15.6 Application of Jails
> (service jails) is a copy of the host binaries is populated into the
> basejail and all the other jails have read only access to it. Each guest
> jail also has a read/write space for installing ports/packages unique to
> that jail including /var /usr /etc. Am I correct? Is this how ezjail is
> configured now?

Yes, that's correct.

-- 
Mark Shroyer
http://markshroyer.com/contact/
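
The PF redirection mentioned in the reply above, as an added example that is not part of the original message or of ezjail. It assumes the host's public interface is em0 (hypothetical) and reuses the jail address 10.0.20.2 and port 80 from the question.

```conf
# /etc/pf.conf fragment (added example, FreeBSD PF syntax)
# Assumptions: em0 is the host's public interface (hypothetical name);
# 10.0.20.2 and port 80 are the jail address and port from the question.
ext_if  = "em0"
jail_ip = "10.0.20.2"

# Translation rules must come before filter rules in pf.conf.
# Outbound: let the jail reach the network via the host's public address.
nat on $ext_if inet from $jail_ip to any -> ($ext_if)

# Inbound: redirect only TCP port 80 on the public address to the jail.
# No other port on the jail's private address becomes reachable.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $jail_ip port 80

# Filter rules are evaluated after translation, so the pass rule names
# the jail's address, not the public one. The last matching rule wins.
# Add pass rules for the host's own services (for example SSH) as needed
# before loading, or the default block will cut them off.
block in on $ext_if
pass in on $ext_if inet proto tcp from any to $jail_ip port 80 keep state
pass out on $ext_if keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.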