All services running on the host system must be reconfigured to listen on a single IP address rather than on all available interfaces.
Example:
SSH - /etc/ssh/sshd_config:
ListenAddress 83.218.221.1
MySQL - /etc/my.cnf:
[mysqld]
bind-address=127.0.0.1
and so on for apache, mail, samba.
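A way to verify the result of this step, as an added example that is not part of the original page: a host service left on the wildcard address also answers on the jail's address, so the function below flags such sockets in `sockstat -4 -l` output. The function name `audit_listeners` is hypothetical and the sample output is constructed.

```sh
#!/bin/sh
# Added example (not from the original page). SAMPLE is constructed text in the
# format of `sockstat -4 -l` on FreeBSD; audit_listeners is a hypothetical name.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       721   3  tcp4   83.218.221.1:22       *:*
mysql    mysqld     812   10 tcp4   127.0.0.1:3306        *:*
www      httpd      903   4  tcp4   *:80                  *:*
root     smbd       950   21 tcp4   *:445                 *:*
root     syslogd    512   7  udp4   *:514                 *:*'

# Usage: sockstat -4 -l | audit_listeners ADDR [ADDR...]
# Prints one line per socket that is bound to the wildcard address or to an
# address outside the allowed list; returns 1 if anything was flagged.
audit_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }   # header line
        NF < 6 { next }                    # not a socket line
        {
            addr = $6
            sub(/:[^:]*$/, "", addr)       # drop the ":port" suffix
            if (addr == "*")        { print "WILDCARD", $2, $5, $6; bad = 1 }
            else if (!(addr in ok)) { print "UNEXPECTED", $2, $5, $6; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample: the host may use its public and loopback address.
printf '%s\n' "$SAMPLE" | audit_listeners 83.218.221.1 127.0.0.1 ||
    echo "some services still need a ListenAddress/bind-address setting"
```

On a live host, pipe the real `sockstat -4 -l` output into the function and pass the addresses the host itself is allowed to use.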
Installing and configuring the jail itself:
# mkdir -p /home/data/jails/192.168.1.3
# cd /usr/src
# make installworld DESTDIR=/home/data/jails/192.168.1.3
# cd /usr/src/etc
# make distribution DESTDIR=/home/data/jails/192.168.1.3
# cd /home/data/jails/192.168.1.3
# ln -sf dev/null kernel
# mount_devfs devfs /home/data/jails/192.168.1.3/dev
# cp /etc/resolv.conf /home/data/jails/192.168.1.3/etc/
# touch /home/data/jails/192.168.1.3/etc/fstab
# mount_nullfs /usr/ports /home/data/jails/192.168.1.3/usr/ports
# mount_nullfs /usr/src /home/data/jails/192.168.1.3/usr/src
# ifconfig lo0 alias 192.168.1.1 netmask 255.255.255.255
# ifconfig lo0 alias 192.168.1.3 netmask 255.255.255.255
# jail /home/data/jails/192.168.1.3 jail3.nafanya.freebsd.su 192.168.1.3 /bin/sh
Next steps: change the root password inside the jail and create an /etc/rc.conf file there with the following contents:
hostname="jail3.nafanya.freebsd.su" # Set this!
ifconfig_lo0="inet 192.168.1.3 netmask 255.255.255.255"
defaultrouter="192.168.1.1" # Set to default gateway (or NO).
sshd_enable="YES"
On the host system, add the following lines to /etc/rc.conf:
gateway_enable="YES"
ifconfig_lo0="inet 192.168.1.1 netmask 255.255.255.255"
ifconfig_lo0_alias0="inet 127.0.0.1 netmask 255.0.0.0"
jail_enable="YES"
jail_list="jail3"
jail_jail3_rootdir="/home/data/jails/192.168.1.3"
jail_jail3_hostname="jail3.nafanya.freebsd.su"
jail_jail3_ip="192.168.1.3"
jail_jail3_interface="lo0"
jail_jail3_devfs_enable="YES"
jail_jail3_exec_start="/bin/sh /etc/rc"
jail_jail3_exec_stop="/bin/sh /etc/rc.shutdown"
In /etc/pf.conf, configure NAT for the jail:
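# ext_if is used by the rules below but was not defined in the original;
# "em0" is a placeholder, set it to the name of your external interface
ext_if="em0"
lo_int="lo0"
internal_net="192.168.1.0/24"
external_addr="83.218.221.1"
# NAT
nat on $ext_if from $internal_net to any -> ($ext_if)
# redirect to ssh
rdr on $ext_if proto tcp from any to $external_addr port 55222 -> 192.168.1.3 port 22
pass in all
pass out all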
The jail is set to start automatically at system boot.
Useful links:
http://erdgeist.org/arts/software/ezjail/
http://blog.innerewut.de/2005/08/25/freebsd-jails
http://www.samag.ru/cgi-bin/go.pl?q=articles;n=11.2006;a=04
http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail
http://www.freebsddiary.org/jail-multiple.php