I am using sysutils/ezjail to build a jailed pxeboot environment. I would like to run net/isc-dhcp42-server in the jail, but I am finding conflicting info about this. I have already configured and started jailed ntp, inetd (tftp), but of course need dhcp to complete the hand.
Method 1: Install dhcp normally (unjailed) then modify /etc/rc.conf:
Code:
dhcpd_jail_enable="YES"
dhcpd_rootdir="/usr/jails/pxeboot/var/db/dhcpd"
Best instructions I could find for this method: http://www.debian.md/cmds/dhcp_freebsd.html. Supporting evidence from post-install:
WARNING: never edit the chrooted or jailed dhcpd.conf file but /usr/local/etc/dhcpd.conf instead which is always copied where needed upon startup.
Method 2: Install dhcp in the jail and modify devfsrules. First in /usr/local/etc/ezjail/pxeboot, set
Code:
export jail_thttpd_devfs_ruleset="devfsrules_jail_dhcp"
Then create /etc/devfs.rules with:
Code:
[devfsrules_jail_dhcp=1]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
#add path 'bpf*' unhide
add path net unhide
add path 'net/*' unhide
I really have no idea what all that means, but I have no firewall running on my system because it is not exposed to the outside. My jail has IP 192.168.2.1/24 and if I chroot to the jail environment and try starting dhcp I get the error:
Code:
# service isc-dhcpd onestart
Warning: subnet 192.168.2.0/24 overlaps subnet 192.168.2.0/24
Best instructions I could find for this method (in German, but followable): http://www.asconix.com/howtos/freebsd/dhcp-server-freebsd-howto
I have one more criterion for the setup:
The jails will not be running all the time, so neither should dhcp - they should all start-up together - so Method 2 is preferable, but if all fails I'll use a separate start-up script.