jail

  1. H

    Solved PF in jail: /dev/pf: No such file or directory

    When trying to start pf with service pf start, I get the following error message: Enabling pfpfctl: /dev/pf: No such file or directory pfctl: /dev/pf: No such file or directory pfctl: /dev/pf: No such file or directory My Jails are confiugred in /etc/jail.conf: # Global Stuff exec.start...
  2. V

    Solved FreeBSD Jails or bhyve hypervisor

    Hello community of freeBSD I have a project in mind to replace my windows server park. Currently I have a netgear as router and a Windows 2008 server that does AD and windows share. I have for idea to replace the netgear by PFSENSE and the active directory by samba4 for the domain controller...
  3. icecoke

    Some security concerns...

    Hi everyone, not sure if I'm in the right forum area, so maybe a mod wants to move this. Is it possible to 'track' actions that are done in a jail where an sshd server is running and offering root access (so of course no root access directly in the sshd, but after login su/sudo is possible)...
  4. goshanecr

    Solved Subnet on ExtIF and ipfw nat not working

    Good day! Please, help me understand, how setup FreeBSD 11-STABLE amd64 router with several ip addresses on external interface. I have: Provider give me subnet 1.1.1.2/24 gw 1.1.1.1 /etc/rc.conf # Assigned external IP addresses ifconfig_rl0="inet 1.1.1.2/24" ifconfig_rl0_alias0="inet...
  5. J

    Solved Fetch: protocol not supported

    Hi, I don't understand why I can't use fetch from inside my jail. # fetch http://www.yahoo.com fetch: http://www.yahoo.com: Protocol not supported Name resolution works: # host -t A yahoo.com yahoo.com has address 98.139.183.24 yahoo.com has address...
  6. J

    How to freebsd-update only the jail's components?

    Hello, I read that freebsd-update uses the /etc/freebsd-update.conf file to determine which components to update. The /etc/freebsd-update.conf file of my host contains the following line: Components src world kernel So I'm guessing that each time I'm trying to update a jail using...
  7. J

    Should jails have the src component?

    Hello, I'm trying to create jails and keep them up to date and secure. I don't know if I should add the src component to my jails. As of now, I only download base.txz, lib32.txz and doc.txz from http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/11.0-RELEASE/ , extract them in a directory...
  8. pming

    Jail lost all packages

    Hello everyone I recently set up Nextcloud in a jail using apache24, mariadb101 and php70 on FreeBSD 10.3. After rebooting my server the jail will not come up correctly. It won't mount datasets and all the packages I installed and their configuration seems gone. pkg info only returns pkg. I...
  9. T

    mlock(2) in jails

    Hi, since various applications want to do that, often fail/coredump not being able to I wonder whether there is a way to allow mlock in jail. I am getting a permission denied there. I am using FreeBSD 10.3 on the target machine and ezjail.
  10. J

    Minimal jail.conf and jail.conf options

    Hello, I'd like to create jails using the jail built-in utility and the new /etc/jail.conf configuration file. However, the manual at https://www.freebsd.org/doc/handbook/jails-build.html still uses the old format of using jail_ variables in /etc/rc.conf. I don't have any jail.conf on my...
  11. J

    Why am I unable to update my FreeBSD jails?

    Hello, I'm trying to update the base system of the jails on my host. I created the jails using EZJail. On the host or on the jails, I think the correct way to check if my base system is up to date is to call # freebsd-update fetch This way I get a list of available updates. If the list is...
  12. J

    What happens in a jail when updating the main host system?

    Hi, despite reading and re-reading the manual, I have an extremely hard time understanding how to keep my FreeBSD host and my FreeBSD jails secure. I am going to try to express my current understanding of FreeBSD as maybe the problem is that I don't understand it. There seems to be on one...
  13. geek

    Ban non-VPN or all networking

    Hello. Is there a way to force some applications to only use a VPN interface for networking, or ban all networking from them completely? Could this be done with jails? I want to use VPN "anonymously" so that my real IP, DNS requests and other such stuff are not leaked.
  14. masteroman

    Solved Redis in FreeBSD jail

    I've been using jails and managing them with ezjail, as such I'm not using vimage jails but plain ol' jails. In one of the jails I have installed Nginx, PHP-FPM, Redis, and Wordpress located on one of the user accounts within jail. When configuring Redis to listen on 127.0.0.1 it binds to all...
  15. J

    How to trigger events within jail on file creation

    I'd like to be able to configure the ability to trigger events within a jail when files are created in specific directories. While I can use auditd and praudit to capture file creation on the host, as far as I know jailed use of that facility isn't possible, even with providing /dev/auditpipe to...
  16. M

    Jailed NAS: NFS and Kerberos

    Dear FreeBSD Community! I'm planning to setup a NAS (for my family, a mix of Windows, Linux and Mac OS Clients) in a jail on my FreeBSD machine (which should replace my actual Linux-based homeserver step by step). So I prepared a jail with it's own IP, set up samba and joined our Active...
  17. M

    Xwiki in a jail

    Jails have confused me. My ultimate goal is to setup xwiki in a jail (after installing tomcat and MySQL). I have sucessfully created the jail with: iocage create tag=xwiki ip4_addr="ue0|192.168.1.8 started it: iocage start xwiki and accessed it: iocage console xwiki Now the output of ifconfig...
  18. unknownuser

    Host unable to load web pages from Jail - 408

    Hello everyone. I have a Windows 10 Workstation where I run a FreeBSD 10.3 Guest server over VMWare 12. This FreeBSD VM is meant to run multiple Apache/PHP/Wordpress instances on multiple jails. The FreeBSD guest is bridged through the HOST Ethernet NIC, where the HOST has the IP...
  19. Y

    FreeBSD11+Postgres+jail

    Hi, I been surfing the net looking for an answer for this: I want to run PostgreSQL in a jail. creating directory /usr/local/pgsql/data ... ok creating subdirectories ... ok selecting default max_connections ... 10 selecting default shared_buffers ... 400kB creating configuration files ... ok...
  20. F

    Jails, webserver and website

    Hello, NB question here: Setting up FreeBSD on a VPS. Some howto's have Apache running on the host, and the website in a jail. Other howtos have Apache running in a jail. My question, from a security point of view, is it better to run Apache in it's own jail? Would I put my Wordpress website in...
Top