Date: Mon, 29 Jul 2013 15:43:58 +0200
From: Ollivier Robert <roberto@keltia.net>
To: freebsd-jail@freebsd.org
Subject: jail design
Message-ID: <20130729134335.GD13529@roberto02-aw.erc.corp.eurocontrol.int>

Hello,

I have a new server I'm going to run all my services on (www, smtp/imap, and so on). Running 9.2-BETA1, full ZFS-on-root.

What are the best practices for jails, knowing that:

- I have only one IPv4
- I have a full /48 IPv6 to play with

I've looked at ezjail which is doing most of what I need but it does not support ip4/ip6=inherit parameters (and no jail.conf support either) so my networking setup is more complicated. All the other packages like qjail have only limited ZFS support.

Do I need to set up pf to redirect all traffic in/out for specific ports to my jails? Or do I try to shoehorn "inherit" into ezjail? Is inherit easier to deal with? What are the security implications?

I need something as easy as ezjail or a way to tweak it, with

- one jail for smtp/imap
- one for www stuff, ideally one jail per hosted domain (using nginx)

I'm a jail newbie, in case you haven't found it already :)

Thanks,
-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.net
In memoriam to Ondine, our 2nd child: http://ondine.keltia.net/