I have a VPS on Digitalocean which I used mfsbsd to reinstall FreeBSD with ZFS/zroot with PF as my firewall. My plan with this VPS is to run wordpress, a static site and owncloud each in their own jails. Currently, I use nginx on the host machine running as a reverse proxy, intercepting https...
I am wondering about using sysutils/webmin in a jail as I would like to use the best security practices available. My question is the very nature of Webmin being a server monitoring service with a webgui, would all the features work? My question is how could you "sandbox' webmin in a jail and...
What's the best practise to handle the prots tree with iocage managed basejails?
Currently I am manually nullfs mounting the host systems /usr/ports everytime I need it in each jail, but as the number of jails are growing this feels more and more cumbersome.
Starting and stopping the jail works fine when I stick to console apps. I can also successfully launch and use graphical jailed apps on the host display using e.g., jailme 1 firefox, but I cannot cleanly stop the jail after closing jailed graphical apps from my host X display.
Here is my...
I want to create a jail with a publicly routable IPv6 address and a 192.168.0.0/16 IPv4 address. I also do not want the have the interface shared with the base OS, such that listening on port 80 on the base also listens to port 80 on the jails.
I do not see where that is in any...
Please accept my apologies ahead of time as I could not find an appropriate room for questions on jails.
I have a FreeBSD box (10.1) with two jails on them (also 10.1) that I am using for testing and understanding purposes before I implement something more permanent. I have them both in...
I setup a Jail, but it is listening on the same ports as the base OS. So, if the base is listening on port 80, the Jail IP also has port 80 listening. No service is listening on that port.
Using ezjail-admin, I setup a Jail called code. I modified the export_jail_code_ip line of...
I'm currently trying to chroot bind from within a Jail since it's also running Apache.
The problem I'm having is the inability to mount devfs from within the jail.
I'm using ezjail to managed all my jails and have everything regarding devfs turned on in the ezjail configuration files.
I recently installed FreeBSD on my new server. Right now I have one jail running with transmission on it, seeding different Ubuntu versions. Couldn't get the port working, but the package worked excellent.
So now I want to create two other jails. One with a NFS/Samba share and one which...
I was looking for some info about whats the best way to keep jails updated and found many posts saying to never run freebsd-update inside of the jails.
Someone could explain why not?
Actually I am doing a make world, but this take so many time.
My jails have the empty folders...
Please help, I have been trying to figure this out for a couple of weeks now. I need a new set of eyes on this problem. Attached is a diagram to better illustrate the configuration.
To sum up the issue:
Can ping any host to any host
Can fully communicate from/to other physical hosts to the...
I've got a bridge1 with several jails' interfaces as members (vnet1:1, vnet1:2, etc) these can pass packets between each other.
There's a bhyve instance on the host using tap0 which I've added to bridge1, this tunnel is not able to connect to any of the jail vnet interfaces.
Is this to be...
Since ezjail doesn't seem to have been updated for a long time and qjail seems to be a little bit more modern I'm planning to switch.
Is it possible to just migrate my existing jails from one manager to the other without problems?
Are there any resources about this?
I'm keeping getting weird messages when I try to update my email managed jails:
I'm on FreeBSD 10.2-RELEASE-p11 and ezjail v3.4.2
The jails show the right version inside but the update progress doesn't seem to have finished.
This is what I'm getting:
ezjail-admin update -u
Short: I want in FreeBSD Jails with Private IPv4-Addresses and Global Scope IPv6 Addresses. But iI can't get it to work. I have tried a lot, so iI can only tell you what iI have tried.
For me it is possible to add an interface alias to re0 and I'm also able to ping it from around...
I have a fresh install of FreeBSD 10.2, it’s installed on VirtualBox. I have given the VM 4x virtio-net bridged adaptors—so they appear to be on my home network (192.168.1.0/24).
My host rc.conf looks like this:
I am using iocage to manage my jails. When I created the jails, I assigned them an address on my LAN with a command similar to:
iocage create tag=myjail ip4_addr="re0|192.168.1.201"
However, after a few hours the network in the jail disconnects. I can't think of a good way to explain it, but I...
I switched to FreeBSD a week ago on my main server. So far the experience has been great.
Because I'm new to the whole jails theory I'd like to present my plan and possible challenges.
Hostsystem: FreeBSD, 8 Cores, 24GB Ram, Static IP
My idea was to create multiple jails...
I am trying to create a jail on a VPS following this guide on networked jails with a single ip. However, I have no internet access within the jail. Though I do have internet access on the host.
Here is my ifconfig from the host:
I successfully set up mail/opensmtpd in a jail running other web services. I set up mail/dkimproxy for mail signing and all, works like a charm.
Now, the issue I'm having is that all sent mail has headers like these:
Received: from domain.com (domain.com [192.168.1.3])