FreeBSD jails note
Lars Sommer, lasg@lasg.dk, 2009-05-20
DISCLAIMER: This is a personal note made for personal usage. It might not be easily usable or self-explanatory.
Install these ports:
sysutils/jailutils
sysutils/ezjail
If “make buildworld” has just been done, then
ezjail-admin update -i
to install the recently built world is fine.
Otherwise, do
ezjail-admin update -b
first, and wait some time for the world to build.
Fix a nice jail flavour:
cd /usr/jails/flavours
cp -Rv default teknix
Uncomment the sshd line in the flavour's etc/rc.conf
Copy the config files from backup into the flavour
—
Create examples:
ezjail-admin create -f teknix lasg-ws 192.168.1.54
ezjail-admin create -f teknix -i -s 5G -c eli tor 192.168.1.53
/usr/local/etc/rc.d/ezjail.sh start lasg-ws
/usr/local/etc/rc.d/ezjail.sh start tor
Automatic start of jails:
Add to rc.conf:
ezjail_enable="YES"
—
First connection and user creation:
Start the jail
Find the jail ID using jls
Spawn a shell as root using
jexec jid tcsh
do:
passwd
adduser
correct sshd_config
—
Port forwarding:
SWITCH TO PF; IPF IS OBSOLETE!!
#vi /etc/ipnat.rules
#rdr xl0 0.0.0.0/0 port 2250 -> 192.168.1.50 port 22
#rdr xl0 0.0.0.0/0 port 2251 -> 192.168.1.51 port 22
#/etc/rc.d/ipnat restart
—
rc.conf ifconfig aliases
vi /etc/rc.conf
ifconfig_vr0_alias0="inet 192.168.1.50 netmask 255.255.255.255"
ifconfig_vr0_alias1="inet 192.168.1.51 netmask 255.255.255.255"
ifconfig_vr0_alias2="inet 192.168.1.52 netmask 255.255.255.255"
—
When a jail is started, you should be able to ssh into it.
By default, the login is admin/admin, and there is no root password.
After ssh’ing in, change with:
su
adduser
pw user del admin
passwd
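Added example, not part of the original note: a host-side check that the default admin account and the empty root password are gone after the steps above. The function name is made up for this example, and the jail path in the last comment assumes the jail root sits next to the flavours directory under /usr/jails.

```sh
#!/bin/sh
# Added example, not from the original note.
# master.passwd(5) fields: name:password:uid:gid:class:change:expire:gecos:home:shell

audit_jail_passwd() {
    # $1 = path to a jail's master.passwd
    # Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if unreadable.
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -F: '
        /^#/ || NF < 10 { next }    # skip comments and malformed lines
        $1 == "admin"   { print "default account still present: admin"; bad = 1 }
        $2 == ""        { print "empty password: " $1; bad = 1 }
        END             { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: a jail before the su/adduser/pw/passwd steps were done.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
admin:$1$constructed$constructedhash:1001:1001::0:0:Admin:/home/admin:/bin/tcsh
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
EOF
audit_jail_passwd "$sample" || echo "fix the findings above before exposing sshd"
rm -f "$sample"

# Real use on the host (path is an assumption, adjust to your jail directory):
#   audit_jail_passwd /usr/jails/lasg-ws/etc/master.passwd
```

Accounts with "*" in the password field are locked, not empty, so they are not reported.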
To install a ports tree, do the following inside the jail:
rm /usr/ports
mkdir /usr/ports
portsnap fetch extract update