jails

  1. masteroman

    Solved Convert ezjail to use ZFS with running jails

    OK, so I've made an mistake with rushing into setting up Jails and haven't configured ezjail before I started creating jails so it by default created all of the jails within /usr/jails directory which is part of zroot ZFS pool, not its own pool. To be more specific I'm talking about the...
  2. masteroman

    Updating jails with ezjail-admin fails

    I've tried updating my basejail on the system with: ezjail-admin update -u but it is unfortunately failing with following message: Looking up update.FreeBSD.org mirrors... 4 mirrors found. Fetching metadata signature for 11.0-RELEASE from update6.freebsd.org... done. Fetching metadata...
  3. timypcr

    Delete network alias

    I created a bad alias when attempting to setup networking for a jail. I ran ifconfig bce0 alias 192.168.1.111 netmask 0xffffff00 broadcast 192.168.4.255 when I should have done this ifconfig bce0 alias 192.168.4.111 netmask 0xffffff00 broadcast 192.168.4.255 I've corrected the problem but...
  4. timypcr

    Access/modification time set failed on: ./var/empty

    Hello, I run three jails on a FreeBSD 11-release host, and manage them with ezjail. One of the jails generates an error when attempting to archive it. ezjail-admin stop reminder ezjail-admin archive reminder pax: Access/modification time set failed on: ./var/empty <Operation not permitted>...
  5. N

    Postfix multi-domain mail server - jails or virtual domains?

    Hello folks! I am just getting started to setup a new mail server running FreeBSD 11. I need to setup 4 domains on this server. I am using Postfix as the MTA, Dovecot for Imap/Pop, Amavisd, Spamassassin, Postgrey & Clamav for filtering messages. Initially, all the domains will share a common...
  6. mrpsycho

    ezjail at start can't find indexinfo distr

    Hello, tried to find similar problem... but it looks like nobody got it. so, I'm trying to make different flavours with installing software from ports. and for example, i can't install ports-mgmt/portdowngrade cause of: Making all in m4 Making all in tests ===> Staging for...
  7. W

    Solved What level of devfs_ruleset is more secure?

    Hey guys, I am working on my git server, and SSH its claiming about have no access to /dev/tty inside of jail. After read about this issue, I have found is need setup on /etc/rc.conf to start it using: devfs_load_rulesets="YES" And on my jail.conf I need use devfs_ruleset, the level 3 and 5...
  8. blueCub

    Installing packages in Jails is very slow and causing timeout

    Hi All, I am still quite new to jails and still getting my head around. I am using ezjail and created few jails. Everything is fine apart from pkg install which is very flow and quite often times-out before it finishes downloading all the dependencies. roceed with this action? [y/N]: y...
  9. puppyboy

    Does each jail need its own loopback or can they all share one?

    I thought this would be clearly spelled out somewhere but if it is I can't find it. Under the ezjail section in the handbook it includes a couple parts about creating an extra loopback for a jail. First you create it with cloned_interfaces="lo1" in /etc/rc.conf, and then in the example jail it...
  10. S

    migrate FreeBSD jails to linux

    we are running some jails in FreeBSD 10 and the decision has been made to decommission the FreeBSD server and migrate all the jails to Linux environment Red Hat 6 or 7. Is there a straight forward way of migrating BSD jails to linux -- as containers that can be run via docker or any other way...
  11. korund

    Routing between jails and physical interfaces

    I'm trying to get the following scheme up and running: What would be a good read to start except of jail man page?
  12. T

    Networking Structure for VM Host

    Hello, I'm currently running a server based on FreeBSD 10.3. I'm using jails to separate all the running services. Since I only have one public IPv4 address, I use PF and a nginx-proxy to redirect to the specific jails inside the NAT. My plan is to use 11.0 and it's enhanced bhyve features to...
  13. F

    Solved Best way to adress a jail

    Hello, I'm currently my FreeBSD machine and I wondering what'S best option to adress a jail with IP. my ifconfig re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>...
  14. l33tname

    Solved Prosody s2s connection-timeout in jail

    I installed prosody in a jail redirect the traffic to it with pf. With this config: rdr on $EXT proto { tcp, udp } from any to any port $XMPP_PORTS -> 10.0.0.11 And for unknown reasons at least for me the s2s part just fails with error messages like this Sep 27 20:39:21 s2sin804074c40 info...
  15. priyadarshan

    Jails vs bhyve

    Since FreeBSD 11 is here, I am tempted to simplify our server setup, and use Bhyve also for all jail needs. I would not mind exchanging a small percentage of available CPU for more simplicity, but does it make sense to standardise on Bhyve vs Jails, in order to simplify setup and workflow? In...
  16. S

    Owncloud in FreeBSD Jail

    I'm considering setting up Owncloud on my FreeBSD 10.3 server in a jail, but I'm wondering about being able to connect to files outside the jail. I have a pretty sizeable file collection (photos, docs, etc.) on the server now (not jailed) that I will want to connect to from Owncloud inside the...
  17. G

    Solved PF Fails to Load Ruleset with Jails (lo1 interface)

    This post is for anyone who may be using a jail, and after you set the jail to run at startup, PF rules are not loading (on the host machine). The odd thing that made me scratch my head is that you can manually start it and everything works; something is uniquely happening at startup that is...
  18. ikanobori

    IPFW IPFW/NAT and Jails having many out-of-order and reassembled TCP packets

    Hi, Traffic coming out of my jails seems to be very slow so I ran a tcpdump on my external interface to see what is going on and I get a whole slew of TCP Out of Order and TCP Duplicate ACK in Wireshark. I am talking pages full when any traffic is going out of the jails. Traffic going into the...
  19. scrappywan

    FreeBSD VPS Jailed Web Servers Network Isolation

    I have a VPS on Digitalocean which I used mfsbsd to reinstall FreeBSD with ZFS/zroot with PF as my firewall. My plan with this VPS is to run wordpress, a static site and owncloud each in their own jails. Currently, I use nginx on the host machine running as a reverse proxy, intercepting https...
  20. Phishfry

    Software usage for a jail?

    I am wondering about using sysutils/webmin in a jail as I would like to use the best security practices available. My question is the very nature of Webmin being a server monitoring service with a webgui, would all the features work? My question is how could you "sandbox' webmin in a jail and...
Top