Afenioux's Blog page

3am; darkness; Maintenance window closing. Safety net: rollback.

FreeBSD Jails

Written by Arnaud no comments

We will use ezjail to make it easier :

pkg install ezjail
ezjail-admin install

service ezjail start

Create your first jail and connect to it (we will NAT the jail in this example):

ezjail-admin create myjailname 'lo1|'
ezjail-admin start myjailname
ezjail-admin list
ezjail-admin console myjailname

Allow raw sockets (needed for ping, but not recommanded) by editing /usr/local/etc/ezjail/myjailname:

export jail_myjailname_parameters="allow.raw_sockets=1"

Enable features on skeleton of jails :

echo sshd_enable="YES" >> /usr/jails/newjail/etc/rc.conf

Enable NAT and port redirection in /etc/pf.conf:

ext_if = "em0"
int_if = "lo1"
rdr on $ext_if proto udp to port 1194 -> port 1194
nat on $ext_if from $int_if:network -> ($ext_if)

Start PF and Check/Load PF config :

service pf onestart
pfctl -vf /etc/pf.conf
pfctl -e

Enable at startup in /etc/rc.conf :



more about PF :

more about ezjail :

Classified in : UNIX Tags : none

Comments are closed.

Rss feed of the article's comments