FreeBSD jails note

Lars Sommer, lasg@lasg.dk, 2009-05-20
DISCLAIMER: This is a personal note made for personal use. It might not be easy to use, nor self-explanatory.

Install these ports:
sysutils/jailutils
sysutils/ezjail

If "make buildworld" has just been done, then
 ezjail-admin update -i
is enough to install the recently built world.
Otherwise, do
 ezjail-admin update -b
first, and wait some time for the world to build.

Set up a nice jail flavour:
cd /usr/jails/flavours
cp -Rv default teknix

Uncomment the sshd line in the flavour's etc/rc.conf
Copy the config files from backup into the flavour

---

Create examples:

 ezjail-admin create -f teknix lasg-ws 192.168.1.54
 ezjail-admin create -f teknix -i -s 5G -c eli tor 192.168.1.53
/usr/local/etc/rc.d/ezjail.sh start lasg-ws
/usr/local/etc/rc.d/ezjail.sh start tor

Automatic start of jails:

Add to rc.conf:
 ezjail_enable="YES"

---

First connection and user creation:
Start the jail
Find the jail ID using jls
Spawn a shell as root using
jexec jid tcsh 

do:
passwd
adduser
correct sshd_config


---

Port forwarding:
SWITCH TO PF; IPF IS OBSOLETE!!
#vi /etc/ipnat.rules 
#rdr xl0 0.0.0.0/0 port 2250 -> 192.168.1.50 port 22
#rdr xl0 0.0.0.0/0 port 2251 -> 192.168.1.51 port 22
#/etc/rc.d/ipnat restart

---

rc.conf ifconfig aliases

vi /etc/rc.conf

ifconfig_vr0_alias0="inet 192.168.1.50 netmask 255.255.255.255"
ifconfig_vr0_alias1="inet 192.168.1.51 netmask 255.255.255.255"
ifconfig_vr0_alias2="inet 192.168.1.52 netmask 255.255.255.255"

---

When a jail is started, you should be able to ssh into it.

By default, the login is admin/admin, and there is no root password.
After ssh'ing in, change this with:
 su
 adduser
 pw user del admin
 passwd
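
To check that no jail was left with the defaults above, here is an added example (not part of the original note) that scans each jail's etc/master.passwd for an empty password field or a remaining admin account. It assumes jail roots sit directly under /usr/jails and that basejail and newjail there are ezjail's templates; the sample data is constructed.

```sh
#!/bin/sh
# Added example, not from the original note. Assumptions: jail roots are
# directories under /usr/jails; basejail and newjail there are ezjail's
# templates, not running jails.

# audit_master_passwd FILE: print findings; return 1 if there are any.
audit_master_passwd() {
    awk -F: '
        /^#/ || NF != 10 { next }   # skip comments and malformed lines
        $2 == ""      { print $1 ": empty password"; bad = 1 }
        $1 == "admin" { print $1 ": default account still present"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# audit_jails [DIR]: check every jail under DIR; return 1 on any finding.
audit_jails() {
    dir=${1:-/usr/jails}; rc=0
    for f in "$dir"/*/etc/master.passwd; do
        [ -f "$f" ] || continue
        jail=${f%/etc/master.passwd}; jail=${jail##*/}
        case $jail in basejail|newjail) continue ;; esac
        out=$(audit_master_passwd "$f") || rc=1
        if [ -n "$out" ]; then printf '%s\n' "$out" | sed "s|^|$jail: |"; fi
    done
    return "$rc"
}

# make_sample DIR: write constructed master.passwd files (sample data only).
make_sample() {
    mkdir -p "$1/lasg-ws/etc" "$1/tor/etc" "$1/newjail/etc"
    printf '%s\n' 'root::0:0::0:0:Charlie &:/root:/bin/csh' \
        'admin:$6$constructed$hash:1001:1001::0:0:Admin:/home/admin:/bin/tcsh' \
        > "$1/lasg-ws/etc/master.passwd"
    printf '%s\n' 'root:$6$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh' \
        'lasg:$6$constructed$hash:1002:1002::0:0:Lars:/home/lasg:/bin/tcsh' \
        > "$1/tor/etc/master.passwd"
    cp "$1/lasg-ws/etc/master.passwd" "$1/newjail/etc/master.passwd"
}

# Demo on the constructed sample; on a host, run: audit_jails /usr/jails
tmp=$(mktemp -d) && make_sample "$tmp" && audit_jails "$tmp"
rm -rf "$tmp"
```

Run it as root on the host, since master.passwd is not world-readable.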

To install a ports tree, do the following inside the jail:
 rm /usr/ports
 mkdir /usr/ports
 portsnap fetch extract update
