Lars Sommer, [email protected], 2009-05-20
DISCLAIMER: This is a personal note made for personal usage. It might not be easily usable nor self-explanatory.
Install these ports:
    sysutils/jailutils
    sysutils/ezjail

If "make buildworld" has just been done, then
    ezjail-admin update -i
to install the recently built world is fine. Otherwise, do
    ezjail-admin update -b
first, and wait some time for the world to build.

Fix a nice jail flavour:
    cd /usr/jails/flavours
    cp -Rv default teknix
Uncomment the sshd in etc/rc.conf
Copy the config files from backup into the flavour

---

Create examples:
    ezjail-admin create -f teknix lasg-ws 192.168.1.54
    ezjail-admin create -f teknix -i -s 5G -c eli tor 192.168.1.53
    /usr/local/etc/rc.d/ezjail.sh start lasg-ws
    /usr/local/etc/rc.d/ezjail.sh start tor

Automatic start of jails:
Add to rc.conf:
    ezjail_enable="YES"

---

First connection and user creation:
Start the jail
Find the jail ID using jls
Spawn a shell as root using
    jexec jid tcsh
do:
    passwd
    adduser
correct sshd_config

---

Port forwarding:
SWITCH TO PF; IPF IS OBSOLETE!!
    #vi /etc/ipnat.rules
    #rdr xl0 0.0.0.0/0 port 2250 -> 192.168.1.50 port 22
    #rdr xl0 0.0.0.0/0 port 2251 -> 192.168.1.51 port 22
    #/etc/rc.d/ipnat restart

---

rc.conf ifconfig aliases
    vi /etc/rc.conf
    ifconfig_vr0_alias0="inet 192.168.1.50 netmask 255.255.255.255"
    ifconfig_vr0_alias1="inet 192.168.1.51 netmask 255.255.255.255"
    ifconfig_vr0_alias2="inet 192.168.1.52 netmask 255.255.255.255"

---

When a jail is started, you should be able to ssh into it.
By default, the login is admin/admin, and there is no root password.
After ssh'ing in, change with:
    su
    adduser
    pw user del admin
    passwd

To install a ports tree, do the following inside the jail:
    rm /usr/ports
    mkdir /usr/ports
    portsnap fetch extract update
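
---

Added example, not part of the original note: a host-side check that a jail has left the default state described above (admin account present, empty root password). The function names are hypothetical, the sample files are constructed, and /usr/jails/<jailname> as the jail root is an assumption based on the flavour path used earlier.

```shell
#!/bin/sh
# Added example (not from the original note): flag the default credential state
# the note describes, reading a jail's master.passwd from the host side.

# audit_master_passwd FILE
# FILE uses the FreeBSD master.passwd layout:
#   name:hash:uid:gid:class:change:expire:gecos:home:shell
# Prints one finding per line; returns 1 if anything was found, else 0.
# Only account state is checked; the admin password itself is not tested.
audit_master_passwd() {
    awk -F: '
        /^#/ || NF != 10 { next }   # skip comments and malformed lines
        $2 == ""         { print $1 ": empty password field"; bad = 1 }
        $1 == "admin" && $2 !~ /^\*/ {
            print "admin: default flavour account still active"; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_sample FILE STATE   (constructed sample data; hashes are placeholders)
write_sample() {
    if [ "$2" = "fresh" ]; then
        cat > "$1" <<'EOF'
# constructed sample: jail straight from the flavour
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
admin:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1001:1001::0:0:Admin:/home/admin:/bin/tcsh
EOF
    else
        cat > "$1" <<'EOF'
# constructed sample: after passwd, adduser, pw user del admin
root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
lars:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1002:1002::0:0:Lars:/home/lars:/bin/tcsh
EOF
    fi
}

# Demo run on the constructed samples. For a real jail, point the function at
# /usr/jails/<jailname>/etc/master.passwd (assumed ezjail jail root).
tmp=$(mktemp)
for state in fresh fixed; do
    write_sample "$tmp" "$state"
    echo "== $state =="
    audit_master_passwd "$tmp" || echo "-> action needed"
done
rm -f "$tmp"
```

Run it as root on the host, since master.passwd is not world-readable; an image-based jail must be attached for its files to be visible.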