Date: Thu, 07 Mar 2013 20:39:47 +0400
From: Boris Samorodov <bsam@passap.ru>
To: Yoann Gini <yoann.gini@gmail.com>
Cc: freebsd-jail@freebsd.org
Subject: Re: IPv4 addresses clash / jails not working after reboot…
Message-ID: <5138C2D3.5080505@passap.ru>
In-Reply-To: <B2490966-A735-4016-9176-19ABD576E485@gmail.com>
References: <AB3DFF28-207C-44B1-AEF4-4331B7959436@gmail.com> <55865.68.255.104.38.1362619385.squirrel@cosmo.uchicago.edu> <6C130E1F-6CDC-4328-A300-5B483B8B4940@gmail.com> <513864D5.1070900@passap.ru> <B2490966-A735-4016-9176-19ABD576E485@gmail.com>

07.03.2013 16:29, Yoann Gini wrote:
>
> On 7 March 2013 at 10:58, Boris Samorodov <bsam@passap.ru> wrote:
>
>> 07.03.2013 12:48, Yoann Gini wrote:
>>
>>> I need to share this IP, I’ve only one and I would like to avoid playing with NAT…
>>
>> One IP may be shared but for different services (ports).
>
> That's what I’ve understood and what I’ve planned.
>
>>> If someone has an idea…
>>
>> Give some more information:
>> 1. OS version, OS arch.
>
> FreeBSD srv0.public.example.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>
>> 2. Jail configuration (at least one) from /etc and LOCALBASE/etc/ezjail.
>
> What do you want in /etc? Except the fstab, I don’t see any config here; the fstab looks like this:
>
> /home/jails/basejail /home/jails/front0.public.example.com/basejail nullfs ro 0 0
> /usr/ports /home/jails/front0.public.example.com/usr/ports nullfs ro 0 0
>
> And here is the ezjail config:
>
> export jail_front0_public_example_com_hostname="front0.public.example.com"
> export jail_front0_public_example_com_ip="IPv6Prefix::80,SharedIPv4,10.42.0.2"
> export jail_front0_public_example_com_rootdir="/home/jails/front0.public.example.com"
> export jail_front0_public_example_com_exec_start="/bin/sh /etc/rc"
> export jail_front0_public_example_com_exec_stop=""
> export jail_front0_public_example_com_mount_enable="YES"
> export jail_front0_public_example_com_devfs_enable="YES"
> export jail_front0_public_example_com_devfs_ruleset="devfsrules_jail"
> export jail_front0_public_example_com_procfs_enable="YES"
> export jail_front0_public_example_com_fdescfs_enable="YES"
> export jail_front0_public_example_com_image=""
> export jail_front0_public_example_com_imagetype=""
> export jail_front0_public_example_com_attachparams=""
> export jail_front0_public_example_com_attachblocking=""
> export jail_front0_public_example_com_forceblocking=""
> export jail_front0_public_example_com_zfs_datasets=""
> export jail_front0_public_example_com_cpuset=""
> export jail_front0_public_example_com_fib=""
>
>> 3. What do you want to achieve.
>
> I want a setup with:
> — srv0 listening only for SSH on an alternate port for supervision on public IPv4/6;
> — front0 to handle any public services (web, DNS, e-mail) on public IPv4/6;
> — service0 to handle internal services (git, redmine, AFP sharepoints…) on private IP and SSH on another alternate port on public IPv4/6;
> — gateway0 to act as a VPN server and webproxy to secure access to private services on service0 and act as a secure gateway to encrypt network traffic for road-warriors on public network.
>
> In the end, I will dispatch those services on different servers, but for now I only have access to one system, so I would like to prepare the setup to be dispatched on different hardware when the budget comes.

That all seems reasonable...

> Actually, if I remove the SharedIPv4 from the jails, it works.

Did you configure any sysctl parameters for jails?

--
WBR, Boris Samorodov (bsam)
FreeBSD Committer, http://www.FreeBSD.org The Power To Serve