Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread legolas

> I have set up one jail using ezjail. My first surprise is that
> ezjail only installs -RELEASE versions and not RC versions. Ok, I
> suppose that it is normal. But my first question is: can I install a
> FreeBSD 8.2 jail under a FreeBSD 9.0 host??

I have upgraded my ezjails using something like:
env UNAME_r=8.2-RELEASE freebsd-update -b /usr/jails/basejail -r 9.0-RC1 upgrade install

This is some hassle, for example, one has to upgrade /etc and /var in
/usr/jails/newjail by hand. (And maybe even more, not completely sure
there.)

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org


Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread carlopmart

On 10/26/2011 08:09 AM, lego...@legolasweb.nl wrote:

>> I have set up one jail using ezjail. My first surprise is that
>> ezjail only installs -RELEASE versions and not RC versions. Ok, I
>> suppose that it is normal. But my first question is: can I install a
>> FreeBSD 8.2 jail under a FreeBSD 9.0 host??
>
> I have upgraded my ezjails using something like:
> env UNAME_r=8.2-RELEASE freebsd-update -b /usr/jails/basejail -r 9.0-RC1 upgrade install
>
> This is some hassle, for example, one has to upgrade /etc and /var in
> /usr/jails/newjail by hand. (And maybe even more, not completely sure
> there.)

Is it not possible to update the jail using ezjail-admin update -u
instead of using freebsd-update directly??


--
CL Martinez
carlopmart {at} gmail {d0t} com


Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread carlopmart

On 10/26/2011 03:12 AM, Patrick Lamaiziere wrote:

> On Tue, 25 Oct 2011 22:52:55 +0200,
> carlopmart carlopm...@gmail.com wrote:
>
>> Hello,
>>
>> I have installed one FreeBSD 9.0-RC1 host to run different services
>> (dns, smtp and www only) using jails. This host has two physical
>> nics: em0 and em1. em0 is assigned to the physical host, and I would like
>> to assign em1 to jails. But em0 and em1 are on different networks:
>> em0 is on 192.168.1.0/24 and em1 in 192.168.2.0/29.
>>
>> I have set up one jail using ezjail. My first surprise is that
>> ezjail only installs -RELEASE versions and not RC versions. Ok, I
>> suppose that it is normal. But my first question is: can I install a
>> FreeBSD 8.2 jail under a FreeBSD 9.0 host??
>
> You may run 8.2 installed ports on 9.0 by using the port
> /usr/ports/misc/compat8x/
>
> But I suggest to upgrade the port ASAP.
>
>> And the real question: How do I need to configure network under
>> this jail to access it? I have configured ifconfig param for em1 on
>> host's rc.conf, but what about the default route under this jail?? I
>> thought to use pf rules, but I am not sure.
>
> jail enforces the use of the jail IP address in the jail, but that's
> all. Just enable routing on the host.

But, that is not possible. Between host and jail exists a firewall ... I
can't do simple routing with the host. Maybe a possible solution is to
use policy source routing ??




--
CL Martinez
carlopmart {at} gmail {d0t} com


Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread carlopmart

On 10/26/2011 12:38 AM, George Kontostanos wrote:

> On Tue, Oct 25, 2011 at 11:52 PM, carlopmart carlopm...@gmail.com wrote:
>
>> Hi all,
>>
>> I have installed one FreeBSD 9.0-RC1 host to run different services (dns,
>> smtp and www only) using jails. This host has two physical nics: em0 and
>> em1. em0 is assigned to the physical host, and I would like to assign em1 to
>> jails. But em0 and em1 are on different networks: em0 is on 192.168.1.0/24
>> and em1 in 192.168.2.0/29.
>>
>> I have set up one jail using ezjail. My first surprise is that ezjail only
>> installs -RELEASE versions and not RC versions. Ok, I suppose that it is
>> normal. But my first question is: can I install a FreeBSD 8.2 jail under a
>> FreeBSD 9.0 host??
>
> ezjail doesn't necessarily install a release version. ezjail-admin
> update -p -i will install the basejail from your source.

I have installed this jail using ezjail-admin install. I can't compile
source every time that I need to do an update in this host ...

>> And the real question: How do I need to configure network under this jail
>> to access it? I have configured ifconfig param for em1 on host's rc.conf,
>> but what about the default route under this jail?? I thought to use pf
>> rules, but I am not sure.
>
> gateway_enable=YES
> should take care of this.

In host or in the jail??

>> Thanks.
>> --
>> CL Martinez
>> carlopmart {at} gmail {d0t} com
>
> Regards




--
CL Martinez
carlopmart {at} gmail {d0t} com


Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread legolas
> On 10/26/2011 08:09 AM, lego...@legolasweb.nl wrote:
>
>>> I have set up one jail using ezjail. My first surprise is that
>>> ezjail only installs -RELEASE versions and not RC versions. Ok, I
>>> suppose that it is normal. But my first question is: can I install a
>>> FreeBSD 8.2 jail under a FreeBSD 9.0 host??
>>
>> I have upgraded my ezjails using something like:
>> env UNAME_r=8.2-RELEASE freebsd-update -b /usr/jails/basejail -r 9.0-RC1 upgrade install
>>
>> This is some hassle, for example, one has to upgrade /etc and /var in
>> /usr/jails/newjail by hand. (And maybe even more, not completely sure
>> there.)
>
> Is it not possible to update the jail using ezjail-admin update -u
> instead of using freebsd-update directly??

Updating can be done, upgrading not. (Thus, a security update can be done,
a full version not, if I understand it correctly.)

This functionality exists (prematurely) in CVS:
https://erdgeist.org/cvsweb/ezjail/ezjail-admin.diff?r1=1.263r2=1.264f=h



Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread carlopmart

On 10/26/2011 10:09 AM, lego...@legolasweb.nl wrote:

>> On 10/26/2011 08:09 AM, lego...@legolasweb.nl wrote:
>>
>>>> I have set up one jail using ezjail. My first surprise is that
>>>> ezjail only installs -RELEASE versions and not RC versions. Ok, I
>>>> suppose that it is normal. But my first question is: can I install a
>>>> FreeBSD 8.2 jail under a FreeBSD 9.0 host??
>>>
>>> I have upgraded my ezjails using something like:
>>> env UNAME_r=8.2-RELEASE freebsd-update -b /usr/jails/basejail -r 9.0-RC1 upgrade install
>>>
>>> This is some hassle, for example, one has to upgrade /etc and /var in
>>> /usr/jails/newjail by hand. (And maybe even more, not completely sure
>>> there.)
>>
>> Is it not possible to update the jail using ezjail-admin update -u
>> instead of using freebsd-update directly??
>
> Updating can be done, upgrading not. (Thus, a security update can be done,
> a full version not, if I understand it correctly.)
>
> This functionality exists (prematurely) in CVS:
> https://erdgeist.org/cvsweb/ezjail/ezjail-admin.diff?r1=1.263r2=1.264f=h

Me too ... But downloading latest ezjail-admin code from cvs:

# Make the host systems os version our target version
# Users can override this by setting the UNAME_r environment variable
ezjail_osversion_target=`uname -r`

# Finally run freebsd-update to upgrade our basejail
env UNAME_r=${ezjail_osversion_source} freebsd-update -b ${ezjail_jailbase} -r ${ezjail_osversion_target} upgrade install

If I am not wrong, it is possible to do a full upgrade between
releases, right??

ezjail-admin cvs's version is 1.269:

# $Id: ezjail-admin,v 1.269 2011/07/27 11:20:32 erdgeist Exp $

--
CL Martinez
carlopmart {at} gmail {d0t} com


Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread Stas Verberkt

On 26.10.2011 10:33, carlopmart wrote:

> On 10/26/2011 10:09 AM, lego...@legolasweb.nl wrote:
>
>>> On 10/26/2011 08:09 AM, lego...@legolasweb.nl wrote:
>>>
>>>>> I have set up one jail using ezjail. My first surprise is that
>>>>> ezjail only installs -RELEASE versions and not RC versions. Ok, I
>>>>> suppose that it is normal. But my first question is: can I install a
>>>>> FreeBSD 8.2 jail under a FreeBSD 9.0 host??
>>>>
>>>> I have upgraded my ezjails using something like:
>>>> env UNAME_r=8.2-RELEASE freebsd-update -b /usr/jails/basejail -r 9.0-RC1 upgrade install
>>>>
>>>> This is some hassle, for example, one has to upgrade /etc and /var in
>>>> /usr/jails/newjail by hand. (And maybe even more, not completely sure
>>>> there.)
>>>
>>> Is it not possible to update the jail using ezjail-admin update -u
>>> instead of using freebsd-update directly??
>>
>> Updating can be done, upgrading not. (Thus, a security update can be done,
>> a full version not, if I understand it correctly.)
>>
>> This functionality exists (prematurely) in CVS:
>> https://erdgeist.org/cvsweb/ezjail/ezjail-admin.diff?r1=1.263r2=1.264f=h
>
> Me too ... But downloading latest ezjail-admin code from cvs:
>
> # Make the host systems os version our target version
> # Users can override this by setting the UNAME_r environment variable
> ezjail_osversion_target=`uname -r`
>
> # Finally run freebsd-update to upgrade our basejail
> env UNAME_r=${ezjail_osversion_source} freebsd-update -b ${ezjail_jailbase} -r ${ezjail_osversion_target} upgrade install
>
> If I am not wrong, it is possible to do a full upgrade between
> releases, right??
>
> ezjail-admin cvs's version is 1.269:
>
> # $Id: ezjail-admin,v 1.269 2011/07/27 11:20:32 erdgeist Exp $

I think the installing of the new world is not included. (Thus, the
part after the first reboot when doing a freebsd-update to 9.0-RC1 on
the host system.)





Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-26 Thread Peter
> On 10/26/2011 03:12 AM, Patrick Lamaiziere wrote:
>
>> On Tue, 25 Oct 2011 22:52:55 +0200,
>> carlopmart carlopm...@gmail.com wrote:
>>
>>> Hello,
>>>
>>> I have installed one FreeBSD 9.0-RC1 host to run different services
>>> (dns, smtp and www only) using jails. This host has two physical
>>> nics: em0 and em1. em0 is assigned to the physical host, and I would like
>>> to assign em1 to jails. But em0 and em1 are on different networks:
>>> em0 is on 192.168.1.0/24 and em1 in 192.168.2.0/29.
>>>
>>> I have set up one jail using ezjail. My first surprise is that
>>> ezjail only installs -RELEASE versions and not RC versions. Ok, I
>>> suppose that it is normal. But my first question is: can I install a
>>> FreeBSD 8.2 jail under a FreeBSD 9.0 host??
>>
>> You may run 8.2 installed ports on 9.0 by using the port
>> /usr/ports/misc/compat8x/
>>
>> But I suggest to upgrade the port ASAP.
>>
>>> And the real question: How do I need to configure network under
>>> this jail to access it? I have configured ifconfig param for em1 on
>>> host's rc.conf, but what about the default route under this jail?? I
>>> thought to use pf rules, but I am not sure.
>>
>> jail enforces the use of the jail IP address in the jail, but that's
>> all. Just enable routing on the host.
>
> But, that is not possible. Between host and jail exists a firewall ... I
> can't do simple routing with the host. Maybe a possible solution is to
> use policy source routing ??
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com


I'm using FIBs. The host is on a private network with gateway of
192.168.1.1 and jails are on public network with their own real/public
gateway.

FIBs work without the box becoming a gateway:
%grep gateway /etc/rc.conf
gateway_enable=NO

I have this in system startup to set up public gateway for jails:
%cat /usr/local/etc/rc.d/0.setfib.sh
#!/bin/sh
echo setfib 1 for public jails
/usr/sbin/setfib 1 /sbin/route add default 216.241.167.1

 and in /usr/local/etc/ezjail/myjail I added this line to the end of configs:
export jail_myjail_fib=1

[/usr/sbin/jail has FIB support built in, but at that time ezjail did not,
so I had to manually add it in the config - nowadays I believe ezjail has
FIB support natively, but the resulting config file is the same]

The host is using NAT to get out via private IP, and jails are available
via public IP.  All the IPs are defined in rc.conf the normal _alias way.

FIB support as I remember needs a custom kernel - not sure about 9, this
is in 8.2.


I even run openbsd spamd on the host and using FIBs to start the spamd
daemon via a 'setfib 1' wrapper script:

%cat /usr/local/etc/rc.d/obspamdfib.sh
#!/bin/sh
#
# this just calls the original file, but with setfib 1

/usr/sbin/setfib 1 /usr/local/etc/rc.d.fib/obspamd $1

I had moved the 'obspamd' startup script to rc.d.fib just so a 'setfib 1'
wrapper is called.

]Peter[
 FIBs are awesome when you don't have many public IPs and when host is
_only_ a jail host running no services
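
Added example (not part of Peter's message and not ezjail's own code): a small audit for the setup described above, checking that every ezjail config pins its jail to a non-zero FIB and that rc.conf leaves gateway_enable off. The function names and the one-file-per-jail directory layout are assumptions; the `export jail_<name>_fib=<n>` line format is the one quoted in the message.

```shell
#!/bin/sh
# Added example: audit ezjail configs for a FIB assignment and check that
# the host is not configured as a router.
# Assumption: one config file per jail, using "export jail_<name>_fib=<n>".

# Print the FIB number set in one ezjail config file (empty if none).
# The last assignment in the file wins; commented-out lines are ignored.
jail_fib() {
    tr -d "\"'" < "$1" |
        sed -n 's/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}jail_[A-Za-z0-9_]*_fib=\([0-9][0-9]*\).*$/\2/p' |
        tail -n 1
}

# Print "NOFIB <jail>" for every jail left on FIB 0, i.e. on the host's own
# routing table. Returns non-zero if any such jail exists.
audit_jail_fibs() {
    dir=$1 bad=0
    for cfg in "$dir"/*; do
        [ -f "$cfg" ] || continue
        fib=$(jail_fib "$cfg")
        if [ -z "$fib" ] || [ "$fib" -eq 0 ]; then
            echo "NOFIB $(basename "$cfg")"
            bad=1
        fi
    done
    return $bad
}

# Succeed only if the last gateway_enable line in rc.conf is not YES.
host_not_gateway() {
    val=$(tr -d "\"'" < "$1" | sed -n 's/^[[:space:]]*gateway_enable=//p' | tail -n 1)
    case $val in
        [Yy][Ee][Ss]*) return 1 ;;
    esac
    return 0
}

# Usage: sh fibaudit.sh /usr/local/etc/ezjail /etc/rc.conf
if [ "$#" -eq 2 ]; then
    audit_jail_fibs "$1" || echo "some jails still use the host routing table"
    host_not_gateway "$2" || echo "gateway_enable is on: the host forwards packets"
fi
```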



Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-25 Thread George Kontostanos
On Tue, Oct 25, 2011 at 11:52 PM, carlopmart carlopm...@gmail.com wrote:

> Hi all,
>
> I have installed one FreeBSD 9.0-RC1 host to run different services (dns,
> smtp and www only) using jails. This host has two physical nics: em0 and
> em1. em0 is assigned to the physical host, and I would like to assign em1 to
> jails. But em0 and em1 are on different networks: em0 is on 192.168.1.0/24
> and em1 in 192.168.2.0/29.
>
> I have set up one jail using ezjail. My first surprise is that ezjail only
> installs -RELEASE versions and not RC versions. Ok, I suppose that it is
> normal. But my first question is: can I install a FreeBSD 8.2 jail under a
> FreeBSD 9.0 host??

ezjail doesn't necessarily install a release version. ezjail-admin
update -p -i will install the basejail from your source.

> And the real question: How do I need to configure network under this jail
> to access it? I have configured ifconfig param for em1 on host's rc.conf,
> but what about the default route under this jail?? I thought to use pf
> rules, but I am not sure.

gateway_enable=YES
should take care of this.

> Thanks.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com


Regards

-- 
George Kontostanos
aisecure.net


Re: Some questions about jails on FreeBSD9.0-RC1

2011-10-25 Thread Patrick Lamaiziere
On Tue, 25 Oct 2011 22:52:55 +0200,
carlopmart carlopm...@gmail.com wrote:

> Hello,
>
> I have installed one FreeBSD 9.0-RC1 host to run different services
> (dns, smtp and www only) using jails. This host has two physical
> nics: em0 and em1. em0 is assigned to the physical host, and I would like
> to assign em1 to jails. But em0 and em1 are on different networks:
> em0 is on 192.168.1.0/24 and em1 in 192.168.2.0/29.
>
> I have set up one jail using ezjail. My first surprise is that
> ezjail only installs -RELEASE versions and not RC versions. Ok, I
> suppose that it is normal. But my first question is: can I install a
> FreeBSD 8.2 jail under a FreeBSD 9.0 host??

You may run 8.2 installed ports on 9.0 by using the port
/usr/ports/misc/compat8x/

But I suggest to upgrade the port ASAP.

> And the real question: How do I need to configure network under
> this jail to access it? I have configured ifconfig param for em1 on
> host's rc.conf, but what about the default route under this jail?? I
> thought to use pf rules, but I am not sure.

jail enforces the use of the jail IP address in the jail, but that's
all. Just enable routing on the host.

Also be sure that the host's daemons don't bind on the jail IP
address, as explained in the man page of jail (Setting up the Host
Environment).

Regards.
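
Added example (not from the thread or from the jail man page): a check for the advice above that host daemons must not listen on a jail address, counting wildcard (`*`) binds as well, since they also cover the jail IP. It filters `sockstat -4 -l` output; the sample lines and addresses are constructed, the function names are hypothetical, and the usual sockstat column layout is assumed.

```shell
#!/bin/sh
# Added example: find host sockets that are reachable on a jail address.
# Input: output of `sockstat -4 -l -j 0` (jail ID 0 = processes on the host).
# Assumed columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS.

# Constructed sample; 192.168.2.2 stands in for a jail address on em1 and
# 192.168.1.10 for the host address on em0.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       912   4  tcp4   192.168.1.10:22       *:*
root     syslogd    701   7  udp4   *:514                 *:*
root     sendmail   950   3  tcp4   127.0.0.1:25          *:*
bind     named      830   20 tcp4   192.168.2.2:53        *:*
EOF
}

# Print "command proto local-address" for each listener bound to a wildcard
# address or to one of the jail IPs given as arguments.
host_listeners_on_jail_ips() {
    awk -v ips="$*" '
        BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) jail[a[i]] = 1 }
        $1 == "USER" { next }            # header line
        NF >= 6 {
            addr = $6
            sub(/:[^:]*$/, "", addr)     # drop the ":port" suffix
            if (addr == "*" || (addr in jail)) print $2, $5, $6
        }'
}

# With arguments: filter real sockstat output read from stdin, e.g.
#   sockstat -4 -l -j 0 | sh thisfile.sh 192.168.2.2
# Without arguments: run on the constructed sample.
if [ "$#" -gt 0 ]; then
    host_listeners_on_jail_ips "$@"
else
    sample_sockstat | host_listeners_on_jail_ips 192.168.2.2
fi
```

Each line printed is a host daemon to reconfigure so that it binds only to the host's own address.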
