On Fri, October 15, 2010 2:54 pm, Ivan Voras wrote:
> Since jails can do many things there are many "helper" utilities that
> can do much to simplify the process. If you can hack python, you can,
> for example, modify my script at
> http://ivoras.sharanet.org/stuff/mkjails.py which I've used to create a
> thousand very light-weight jails which are started and managed using
> only standard FreeBSD tools.
>
> In any case, read rc.conf(5) man page for the jail_* settings.

snip

> This is the more complex question; I think that everything which needs
> direct access to the NIC (i.e. BPF, DHCP, IPFW, etc.) will need to be
> run on the host system. TCP services will work inside jails without
> problems, but with jails it's almost the same as if they were on another
> system. If you do use NAT you will have to configure it on the host.
> Instead, you can also use TCP proxies (like bsdproxy). It's up to you
> how much complexity do you want in your system, but for simplicity I
> would set up a single outward-facing IP address and then proxy TCP
> services where I need them.

Thanks for the helpful replies. I am experimenting with some ideas on a VM now. It certainly does seem more logical to have the firewall, VPN and NAT rules in the base system and everything else jailed.

I can just about get by with Python and your script looks like it could be of use - thanks for sharing it.

Matt.