Date: Fri, 11 Dec 2015 21:59:11 -0500 From: "Michael B. Eichorn" <ike@michaeleichorn.com> To: marcel <marcel.plouf@gmail.com>, Dirk Engling <erdgeist@erdgeist.org>, freebsd-jail@freebsd.org Subject: Re: Configuring network without ezjail Message-ID: <1449889151.23602.24.camel@michaeleichorn.com> In-Reply-To: <1449888253.23602.14.camel@michaeleichorn.com> References: <566B67F7.1090404@gmail.com> <566B5CB6.8050009@erdgeist.org> <566B7D7E.2070507@gmail.com> <566B8183.3080306@gmail.com> <1449888253.23602.14.camel@michaeleichorn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2015-12-11 at 21:44 -0500, Michael B. Eichorn wrote:
> On Sat, 2015-12-12 at 02:08 +0000, marcel wrote:
> > ... and I think I have enabling gateway, I wrote thins in both of
> > my
> > rc.conf (jail and host):
> >
> > gateway_enable="YES"
> >
> > Is it correct ?
>
> You only need gateway_enable if you are doing routing, it is not
> necessary for a typical jail setup. Most of the time you are just
> adding an alias to the host's nic.
>
> >
> > But I don't think I have DNS problems, my host correctly access to
> > the
> > internet and the resolv.conf of my jail and my host are same...
> >
> > On 12/12/2015 01:50, marcel wrote:
> > > No I don't get to have an IP address... Yet I have writed this in
> > > my
> > > host's rc.conf:
> > >
> > > jail_enable="YES"
> > > jail_list="thename"
> > > jail_guantanamo_rootdir="thepath"
> > > jail_guantanamo_hostname="thename"
> > > jail_guantanamo_ip="192.168.0.12"
> > >
> > > and I use the command:
> > >
> > > jail thepath thename 192.168.0.12 /bin/csh
> > >
> > > to connect to my jail...
> > >
> > > On 11/12/2015 23:31, Dirk Engling wrote:
> > > > On 12.12.15 01:19, marcel wrote:
> > > >
> > > > > I would like to know if it is possible to configure a jail's
> > > > > network for
> > > > > accessing to the World Wide Web but without ezjail ?
> > > > > I have created my jail without ezjail (mkdir jail, make
> > > > > installworld,
> > > > > etc...) and I would like to continue without it if it's
> > > > > possible...
> > > > Sure, why doesn't it connect to the net? Does it have a RFC1918
> > > > IP? If
> > > > so, you need to enable NAT. If not, did you enable gatewaying?
> > > > Maybe you
> > > > just have DNS problems, so is your resolv.conf set up properly?
> > > >
> > > > Without knowing what exactly is not working, I can not help
> > > > you.
> > > >
> > > > erdgeist
>
> I think you found some old instructions, assuming a 10.x system here
> is
> the boilerplate for a typical jail:
>
> rc.conf:
>
> jail_enable="YES"
>
> jail.conf:
>
> interface = re0;
> mount.devfs;
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
>
> thenameofthejail {
> host.hostname = host.domain.tld;
> path = /the/path/to/the/jail
> ip4.addr = 192.168.0.12;
> }
>
> and start it up with
>
> # jail -c thenameofthejail
>
> And another handy tip you can avoid building a jail with make by
> extacting the base.txz file found in places like the install media
> into
> the jail directory
Oh and before I forget, the trickiest thing for me moving from ezjail
to jail was updating. Assuming your jails are complete base systems and
that you would like to use binary updates with freebsd-update, and you
have completely sparated jails without any funny tricks to save space,
here is Ike's simple jail update guide:
edit the jail's freebsd-update.conf and change
Components src world kernel
-to-
Components world
then run freebsd-update like so:
# freebsd-update -b /usr/jails/jaildir \
-f usr/jails/jaildir/etc/freebsd-update.conf \
-d /usr/jails/jaildir/var/db/freebsd-update fetch
# freebsd-update -b /usr/jails/jaildir \
-f /usr/jails/jaildir/etc/freebsd-update.conf \
-d /usr/jails/jaildir/var/db/freebsd-update install
Using the -f flag keeps the jail from using the host config since jails
cannot update kernels anyway. And -d keeps jails and hosts from
trampling each other which is nice if you want to do more than one at a
time, or if you use freebsd-update cron.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1449889151.23602.24.camel>