07.03.2013 16:29, Yoann Gini wrote:
>
> On 7 March 2013 at 10:58, Boris Samorodov <[email protected]> wrote:
>
>> 07.03.2013 12:48, Yoann Gini wrote:
>>
>>> I need to share this IP, I’ve only one and I would like to avoid playing
>>> with NAT…
>>
>> One IP may be shared but for different services (ports).
>
> That’s what I’ve understood and what I’ve planned.
>
>>> If someone has an idea…
>>
>> Give some more information:
>> 1. OS version, OS arch.
>
> FreeBSD srv0.public.example.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64
>
>> 2. Jail configuration (at least one) from /etc and LOCALBASE/etc/ezjail.
>
> What do you want in /etc? Except the fstab, I don’t see any config here, the
> fstab looks like this:
>
> /home/jails/basejail /home/jails/front0.public.example.com/basejail nullfs ro 0 0
> /usr/ports /home/jails/front0.public.example.com/usr/ports nullfs ro 0 0
>
> And here is the ezjail config:
>
> export jail_front0_public_example_com_hostname="front0.public.example.com"
> export jail_front0_public_example_com_ip="IPv6Prefix::80,SharedIPv4,10.42.0.2"
> export jail_front0_public_example_com_rootdir="/home/jails/front0.public.example.com"
> export jail_front0_public_example_com_exec_start="/bin/sh /etc/rc"
> export jail_front0_public_example_com_exec_stop=""
> export jail_front0_public_example_com_mount_enable="YES"
> export jail_front0_public_example_com_devfs_enable="YES"
> export jail_front0_public_example_com_devfs_ruleset="devfsrules_jail"
> export jail_front0_public_example_com_procfs_enable="YES"
> export jail_front0_public_example_com_fdescfs_enable="YES"
> export jail_front0_public_example_com_image=""
> export jail_front0_public_example_com_imagetype=""
> export jail_front0_public_example_com_attachparams=""
> export jail_front0_public_example_com_attachblocking=""
> export jail_front0_public_example_com_forceblocking=""
> export jail_front0_public_example_com_zfs_datasets=""
> export jail_front0_public_example_com_cpuset=""
> export jail_front0_public_example_com_fib=""
>
>> 3. What do you want to achieve.
>
> I want a setup with:
> — srv0 listens only for SSH on an alternate port for supervision on public
> IPv4/6;
> — front0 to handle any public services (web, DNS, e-mail) on public IPv4/6;
> — service0 to handle internal services (git, redmine, AFP sharepoints…) on
> private IP and SSH on another alternate port on public IPv4/6;
> — gateway0 to act as a VPN server and webproxy to secure access to private
> services on service0 and act as a secure gateway to encrypt network traffic
> for road-warriors on public network.
>
> In the end, I will dispatch those services on different servers but for now I
> only have access to one system, so I would like to prepare the setup to be
> dispatched on different hardware when the budget comes.

That all seems reasonable...

> Actually, if I remove the SharedIPv4 from the jails, it works.

Did you configure any sysctl parameters for jails?

-- 
WBR, Boris Samorodov (bsam)
FreeBSD Committer, http://www.FreeBSD.org The Power To Serve
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
