From owner-freebsd-questions@FreeBSD.ORG Tue Dec 7 09:08:53 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35D6B1065670 for ; Tue, 7 Dec 2010 09:08:53 +0000 (UTC) (envelope-from mailinglistmember@mgwigglesworth.net) Received: from mail.mgwigglesworth.net (mail.mgwigglesworth.net [75.146.26.81]) by mx1.freebsd.org (Postfix) with ESMTP id D753A8FC1A for ; Tue, 7 Dec 2010 09:08:52 +0000 (UTC) To: freebsd-questions@freebsd.org Date: Tue, 07 Dec 2010 04:08:09 -0500 Envelope-To: freebsd-questions@freebsd.org References: <4CFC5E3A.6050202@herveybayaustralia.com.au> Message-ID: <4CFDF979.7000602@mgwigglesworth.net> From: "Martes G Wigglesworth" Received: from devsystem.mgwigglesworth.net (192.168.5.12 [192.168.5.12]) by mail.mgwigglesworth.net; Tue, 07 Dec 2010 05:01:34 -0500 Organization: M. G. Wigglesworth Holdings, LLC User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Can a home LAN server use a jail as a router? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mailinglistmember@mgwigglesworth.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Dec 2010 09:08:53 -0000 On 12/05/2010 10:53 PM, Da Rock wrote: > Is it possible to use FreeBSD to create three "jails" on one > box, so that one jail can be a router to the internet, and the other > two can be webservers? What you seem to need is to run the host as a router, and create two or three more jails on top of that router kernel. The default should be a router and the secondary functions should be the jail. I think you just need to read a bit more on how jails are used on the BSD platform and it will be clear to you. > I wanted to create an environment where if one > webserver got compromised, the other webserver would be unaffected. This would be the true use of jails in your environment. You want to isolate web services such as Apache installs into jails so if they get compromised then you don't have to worry about the rest of the system becoming completely compromised. > So I would > also like to make a jail to be a samba server. I believe that you can install samba inside a jailed environment as well, however, I have never done this, so I am not familiar with how it will be done, however, I have a Bind-9 environment where the external internet interface serves the internet my public information, and there is a second jail which hosts dns for the internal segment. So I can see how Samba can be installed in a jail, and it would make appropriate sense to do so. I hope this helps you in your investigation(s). -- Respectfully, Martes G Wigglesworth M. G. Wigglesworth Holdings, LLC www.mgwigglesworth.net