Installing from ports:
# whereis ezjail
ezjail: /usr/ports/sysutils/ezjail
# cd /usr/ports/sysutils/ezjail
# make install clean
This is a fast process; ezjail is very light. Run rehash when you're done so you can use it immediately. The following commands will create and modify the config files under /usr/local/etc/ezjail.
If this is a fresh install and you haven't done a buildworld yet, you can install the jail binaries. If your /usr/src is straightened out and fully up to date with patches, use the second method.
Fresh install, method 1:
# ezjail-admin install
If you're all set on /usr/src and you've already done makeworld, method 2:
# ezjail-admin update -p -i
The '-p' will give your jails ports and the '-i' skips the build/make for the world.
There are a few details we need to establish before we make the first jail. You will need a separate IP address for each jail you create. We're going to assume you know how to identify your network interface; contact me if you need to know how to do this, as it would make an excellent post. We will need to alias the new IP to the network interface. To make it stick on reboot, we add the alias line to /etc/rc.conf. The overall process of making a jail is quite easy: modify a few files and start creating jails. First, set syslog and sshd to listen only on the host system's IP address.
Assume you have an IP of 192.168.1.50 on the host system's network interface em0, and that the IP block 192.168.1.51-55 is free (at least 51 for this example).
Append the following line to /etc/rc.conf for syslog:
# echo 'syslogd_flags="-ss"' >> /etc/rc.conf
Edit /etc/ssh/sshd_config and add the following line near the top:
ListenAddress 192.168.1.50
If you have other services running on the host system, you'll have to do something similar in their configuration files.
We're going to add the IP address to the interface now so we can create the jail, then make it persist across reboots after that. Like this:
# ifconfig em0 192.168.1.51/32 alias
Note the subnet mask is CIDR /32, or 255.255.255.255, as opposed to the 255.255.255.0 you would expect with a vanilla class C network. The subnet mask on the jails must be different from that of the host system.
We need the IPs established and for the jails to start at boot. Edit the file /etc/rc.conf and add:
ezjail_enable=YES
ifconfig_em0_alias0="inet 192.168.1.51/32"
Now our jails will start, and our first jail IP address is specified. This jail is going to be an FTP server called dudesftp and will live under /usr/jails/dudesftp.
# ezjail-admin create dudesftp 192.168.1.51
A bunch of files will go by starting with /usr/jails. The jail is now created. Console in and start setting up your new virtual server. You will want to set up files like /etc/hosts, /etc/resolv.conf and /etc/rc.conf. You might also want to turn on sshd and create users for inside the new jail.
# ezjail-admin console dudesftp
That will log you on as root after starting the jail for the first time. Other useful ezjail-admin commands:
ezjail-admin stop JAILNAME ## stops the jail JAILNAME
ezjail-admin delete (-w) JAILNAME ## deletes the jail JAILNAME -w deletes the files that make up the jail as well
ezjail-admin reboot JAILNAME ## reboots the jail JAILNAME
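The host-side settings from the steps above (the syslogd flags, the sshd ListenAddress, ezjail_enable and the /32 alias) can be checked with a small script. This is an added example, not part of the original post; the function names are hypothetical, and the sample files it builds are constructed from the values used above.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.

# rc_value FILE NAME: last value assigned to NAME in an rc.conf-style file
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# report STATUS TEXT: print OK/FAIL and count failures
report() {
    if [ "$1" -eq 0 ]; then echo "OK   $2"; else echo "FAIL $2"; fails=$((fails + 1)); fi
}

# audit_jail_host RC_CONF SSHD_CONFIG HOST_IP JAIL_IP
# Returns 0 only when every check passes.
audit_jail_host() {
    rc=$1; sshd=$2; host_ip=$3; jail_ip=$4; fails=0

    # syslogd must be started with -ss
    case " $(rc_value "$rc" syslogd_flags) " in *" -ss "*) r=0 ;; *) r=1 ;; esac
    report "$r" "syslogd_flags contains -ss"

    # Every active ListenAddress must be the host IP; none at all also fails,
    # because sshd then listens on every address, jail aliases included.
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$sshd")
    r=0; [ -n "$addrs" ] || r=1
    for a in $addrs; do
        case $a in "$host_ip" | "$host_ip":*) ;; *) r=1 ;; esac
    done
    report "$r" "sshd ListenAddress limited to $host_ip"

    case $(rc_value "$rc" ezjail_enable) in [Yy][Ee][Ss]) r=0 ;; *) r=1 ;; esac
    report "$r" "ezjail_enable is YES"

    # The jail IP must be aliased with a /32 (255.255.255.255) mask
    ip_re=$(printf '%s' "$jail_ip" | sed 's/\./\\./g')
    r=0
    grep -Eq "^ifconfig_.+_alias[0-9]+=.*inet ${ip_re}(/32| netmask 255\.255\.255\.255)" "$rc" || r=1
    report "$r" "$jail_ip aliased with a /32 mask"
    [ "$fails" -eq 0 ]
}

# Constructed sample files matching the values used on this page
d=$(mktemp -d)
printf '%s\n' 'syslogd_flags="-ss"' 'ezjail_enable=YES' \
    'ifconfig_em0_alias0="inet 192.168.1.51/32"' > "$d/rc.conf"
printf '%s\n' '#ListenAddress 0.0.0.0' 'ListenAddress 192.168.1.50' > "$d/sshd_config"
audit_jail_host "$d/rc.conf" "$d/sshd_config" 192.168.1.50 192.168.1.51
```

On the real host, pass /etc/rc.conf and /etc/ssh/sshd_config as the first two arguments.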