On 04/06/2010 10:15, Alexander Leidinger wrote:
Quoting Andrew Hotlab <[email protected]> (from Thu, 3 Jun
2010 22:04:44 +0000):
I've never had to make Squid listening on port 80, but referring its
startup script in /usr/local/etc/rc.d/:
# squid_user: The user id that should be used to run the Squid master
# process. Default: squid.
# Note that you probably need to define
"squid_user=root" if
# you want to run Squid in reverse proxy setups or if
you want
# Squid to listen on a "privileged" port < 1024.
So you only need to write the following line in /etc/rc.conf to have
Squid listening on this privileged port:
squid_user="root"
An alternative is to change the sysctl
net.inet.ip.portrange.reservedhigh. By lowering it, other users than
root are allowed to bind to ports <1023 (the system prevents non-root
binds to the port X in the range reservedlow <= X <= reservedhigh).
Bye,
Alexander.
Many thanks guys for the responses!! I will see which method best fits
me... I guess I will take Andrew's suggestion as I don't really want to
open up the port range to *all* users however I guess it doesn't really
matter as by default Solaris 9 which Squid was originally on I don't
think blocked or disallowed anything and I certainly know that Linux
doesn't really care either!
jail_enable="YES"
jail_list="named_1 named_2 squid"
jail_named_1_rootdir="/var/jail/named_1"
jail_named_1_hostname="ns1.optiplex-networks.com"
jail_interface="em0"
jail_named_1_ip="192.168.1.100"
#jail_named_1_exec_start="/usr/local/bin/named"
jail_named_1_devfs_enable="YES"
jail_named_2_rootdir="/var/jail/named_2"
jail_named_2_hostname="ns2.optiplex-networks.com"
jail_interface="em0"
jail_named_2_ip="192.168.1.101"
jail_named_2_devfs_enable="YES"
jail_squid_rootdir="/var/jail/squid"
jail_squid_hostname="proxy.optiplex-networks.com"
jail_interface="em0"
jail_squid_ip="192.168.1.110"
jail_squid_devfs_enable="YES"
jail_postfix_rootdir="/var/jail/postfix"
jail_postfix_hostname="relay.optiplex-networks.com"
jail_interface="em0"
jail_postfix_ip="192.168.1.115"
jail_postfix_devfs_enable="YES"
These lines are in the file/etc/rc.conf on the jail host?
Yes.
If you created all jails with ezjail,> there should be nothing like that: all
jail_ vars would
have been written in files stored in
/usr/local/etc/ezjail/ (by default). If you are managing all jails with
ezjail you can safely
delete all these entries in the host's rc.conf (only remember to leave
ezjail_enable="YES" if you> want automatic startup of all jails at boot time)
I didn't use ezjail... I was recommended to take the plunge in to the deep end
and try to learn Jails by doing things manually. This is what I ended up with!!
- although they do seem to work pretty well as far as I can tell.
Regards,
Kaya
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
