From: Kaya Saman
Date: Fri, 04 Jun 2010 11:01:59 +0300
To: Alexander Leidinger
Cc: freebsd-jail@freebsd.org
Subject: Re: Strange things happening with jails?? Not starting up on boot or services not running inside!

On 04/06/2010 10:15, Alexander Leidinger wrote:
> Quoting Andrew Hotlab (from Thu, 3 Jun 2010 22:04:44 +0000):
>
>> I've never had to make Squid listening on port 80, but referring its
>> startup script in /usr/local/etc/rc.d/:
>>
>> # squid_user: The user id that should be used to run the Squid master
>> #             process. Default: squid.
>> #             Note that you probably need to define "squid_user=root" if
>> #             you want to run Squid in reverse proxy setups or if you want
>> #             Squid to listen on a "privileged" port < 1024.
>>
>> So you only need to write the following line in /etc/rc.conf to have
>> Squid listening on this privileged port:
>> squid_user="root"
>
> An alternative is to change the sysctl
> net.inet.ip.portrange.reservedhigh. By lowering it, other users than
> root are allowed to bind to ports <1023 (the system prevents non-root
> binds to the port X in the range reservedlow <= X <= reservedhigh).
>
> Bye,
> Alexander.
>

Many thanks guys for the responses!!

I will see which method best fits me... I guess I will take Andrew's suggestion as I don't really want to open up the port range to *all* users; however, I guess it doesn't really matter as by default Solaris 9 which Squid was originally on I don't think blocked or disallowed anything and I certainly know that Linux doesn't really care either!

> jail_enable="YES"
> jail_list="named_1 named_2 squid"
> jail_named_1_rootdir="/var/jail/named_1"
> jail_named_1_hostname="ns1.optiplex-networks.com"
> jail_interface="em0"
> jail_named_1_ip="192.168.1.100"
> #jail_named_1_exec_start="/usr/local/bin/named"
> jail_named_1_devfs_enable="YES"
> jail_named_2_rootdir="/var/jail/named_2"
> jail_named_2_hostname="ns2.optiplex-networks.com"
> jail_interface="em0"
> jail_named_2_ip="192.168.1.101"
> jail_named_2_devfs_enable="YES"
> jail_squid_rootdir="/var/jail/squid"
> jail_squid_hostname="proxy.optiplex-networks.com"
> jail_interface="em0"
> jail_squid_ip="192.168.1.110"
> jail_squid_devfs_enable="YES"
> jail_postfix_rootdir="/var/jail/postfix"
> jail_postfix_hostname="relay.optiplex-networks.com"
> jail_interface="em0"
> jail_postfix_ip="192.168.1.115"
> jail_postfix_devfs_enable="YES"
>
>
> These lines are in the file /etc/rc.conf on the jail host?

Yes.

> If you created all jails with ezjail, there should be nothing like that:
> all jail_ vars would have been written in files stored in
> /usr/local/etc/ezjail/ (by default). If you are managing all jails with
> ezjail you can safely delete all these entries in the host's rc.conf
> (only remember to leave ezjail_enable="YES" if you want automatic
> startup of all jails at boot time)

I didn't use ezjail... I was recommended to take the plunge into the deep end and try to learn Jails by doing things manually.

This is what I ended up with!! - although they do seem to work pretty well as far as I can tell.

Regards,

Kaya
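
An added example, not part of the original message or of FreeBSD's own scripts: a small sh audit for hand-written jail_* settings like those quoted above, where rc.conf carries jail_postfix_* variables while jail_list names only named_1, named_2 and squid. It assumes rootdir, hostname and ip are the settings a jail needs to start; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit legacy rc.conf jail_* settings.
# Assumption: rootdir, hostname and ip are what a jail needs in order to start.
REQUIRED="rootdir hostname ip"

# rc_value FILE VAR: print the value assigned to VAR (last assignment wins).
rc_value() {
    sed -n -E "s/^$2=\"?([^\"]*)\"?[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_jails FILE: print one finding per line; no output means consistent.
audit_jails() {
    file=$1
    list=$(rc_value "$file" jail_list)
    # Jails named in jail_list that lack a required per-jail setting.
    for j in $list; do
        for key in $REQUIRED; do
            [ -n "$(rc_value "$file" "jail_${j}_${key}")" ] ||
                echo "MISSING $j $key"
        done
    done
    # Jails with a rootdir configured that jail_list does not name.
    for j in $(sed -n -E 's/^jail_(.+)_rootdir=.*/\1/p' "$file" | sort -u); do
        case " $list " in
            *" $j "*) ;;
            *) echo "UNLISTED $j" ;;
        esac
    done
}

# Constructed sample in the style of the rc.conf quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
jail_enable="YES"
jail_list="named_1 squid"
jail_named_1_rootdir="/var/jail/named_1"
jail_named_1_hostname="ns1.example.org"
jail_named_1_ip="192.168.1.100"
jail_squid_rootdir="/var/jail/squid"
jail_squid_hostname="proxy.example.org"
jail_postfix_rootdir="/var/jail/postfix"
EOF
}

if [ $# -gt 0 ]; then
    audit_jails "$1"          # e.g. sh audit.sh /etc/rc.conf
else
    tmp=$(mktemp); write_sample "$tmp"; audit_jails "$tmp"; rm -f "$tmp"
fi
```

An UNLISTED finding is only a prompt to check: a jail may be left out of jail_list on purpose so that it is not started at boot.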