Brice ERRANDONEA wrote:
Hello,
I've just created my first FreeBSD jail in order to install a web server inside.
But I don't know how to connect it to the web. When I try pinging a http
website, it doesn't work. Of course, it works when I do it from outside the
jail.
Another problem, probably linked to the first one, I can't run rc within the
jail, even as the jail's root. It says : permission denied.
Here's how I built and started my jail. I had already run make buildworld when
upgrading to 8.1 release :
# mkdir /usr/prison
# cd /usr/src
# make installworld DESTDIR=/usr/prison
# make distribution DESTDIR=/usr/prison
# mount -t devfs devfs /usr/prison/dev
# jail -c path=/usr/prison host.hostname=ServeurWeb ip4.addr=192.1.1.1 persist
# jail /usr/prison ServeurWeb 192.1.1.1 csh
I guess this must be a very basic question but please help me.
1. ping is a security risk from within a jail and is disabled by design.
(read jail(8) for details). No use using a jail if the first thing you
do is re-enable ping in the jail. To test for public internet connection
from within a jail use dig or whois commands.
2. Using the hosts firewall to drive traffic to a jail is a sign you
have your jail incorrectly configured or do not understand how jails are
intended to work.
3. Jail do not have a network stack of their own, so they cant have a
firewall. The host's firewall and and network stack are in control.
4. There are 2 utilities for creating jails. Qjail the better documented
of the 2, is designed for the novice which clearly you are. I strongly
suggest you checkout
http://sourceforge.net/projects/qjail
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
