Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [HowTo] Setup A Jail Ontop of FreeNAS 8.x
- (c) FreeNAS Documentation & Support Team
- by Christian Degen <bubulein@freenas.org>
- This is a Quick 'n Dirty HowTo for more information checkout
- - http://en.wikipedia.org/wiki/FreeBSD_jail
- - http://www.freebsd.org/doc/handbook/jails.html
- Note about my Setup:
- Host
- - teufelchen.fantaranch.tld
- - 192.168.1.10
- - teufelchen#
- Jail
- - alcatraz.fantaranch.tld
- - 192.168.1.30
- - alcatraz#
- Filesystem Layout
- - tank my zpool, /mnt/tank
- - tank/freebsd FreeBSD related files
- - tank/alcatraz dataset for the jail
- Here We Go
- SSH into yuo FreeNAS and become root. The datasets can be created on the WebUI, for demonstration i will use commanline only.
- teufelchen# zfs create tank/freebsd
- teufelchen# zfs create tank/alcatraz
- Download the FreeBSD Base-Files
- In this case via rsync from a german server. The strange commandsysntax makes sure that the correct files for your Version and Architecture are downloaded.
- teufelchen# cd /mnt/tank/freebsd/
- teufelchen# rsync -av ftp.de.freebsd.org::FreeBSD/releases/`uname -m`/`uname -r | cut -d- -f1-2`/base/ `uname -r | cut -d- -f1-2`_`uname -m`_base
- receiving incremental file list
- created directory 8.2-RELEASE_amd64_base
- ./
- CHECKSUM.MD5
- CHECKSUM.SHA256
- base.aa
- base.ab
- [...]
- base.mtree
- install.sh
- sent 925 bytes received 60508876 bytes 661309.30 bytes/sec
- total size is 60498897 speedup is 1.00
- Extract the files into your new jails root directory.
- teufelchen# cd 8.2-RELEASE_amd64_base/
- teufelchen# cat base.?? | tar --unlink -xpzf - -C /mnt/tank/alcatraz/
- Now we need todo some changes to /etc/rc.conf. You can reboot at any point and the original FreeNAS freenas file will be restored.
- Mount / read write to allow changes
- teufelchen# mount -urw /
- Append the necessary settings to your rc.conf
- teufelchen# cat << ! >> /etc/rc.conf
- ? ### jail related settings ###
- ? jail_enable="YES"
- ? jail_list="alcatraz"
- ? jail_alcatraz_rootdir="/mnt/tank/alcatraz"
- ? jail_alcatraz_hostname="alcatraz.fantaranch.tld"
- ? jail_alcatraz_ip="192.168.1.30"
- ? jail_alcatraz_interface="alc0"
- ? jail_alcatraz_devfs_enable="YES"
- ? jail_alcatraz_mount_enable="YES"
- ? jail_alcatraz_fstab="/mnt/tank/freebsd/fstab.alcatraz"
- ? !
- Create a fstab file for your jail, here you can place any filesystem to munt the fstab style.
- teufelchen# touch /mnt/tank/freebsd/fstab.alcatraz
- Set a DNS, here OpenDNS
- teufelchen# echo "nameserver 208.67.222.222" >> /mnt/tank/alcatraz/etc/resolv.conf
- And set the timezone
- teufelchen# cp /etc/localtime /mnt/tank/alcatraz/etc/
- Now you can start your jail.
- teufelchen# /etc/rc.d/jail start
- Configuring jails:.
- Starting jails: alcatraz.fantaranch.tld.
- List running jails, the JID (JailID) is necessary to enter the jail.
- teufelchen# jls
- JID IP Address Hostname Path
- 14 192.168.1.30 alcatraz.fantaranch.tld /mnt/tank/alcatraz
- teufelchen# jexec 14
- Now you can follow any FreeBSD/Jail related docs.
- alcatraz#
- Tip:
- checkout
- teufelchen# sysctl -a | grep jail
- security.jail.param.cpuset.id: 0
- security.jail.param.host.hostid: 0
- security.jail.param.host.hostuuid: 64
- security.jail.param.host.domainname: 256
- security.jail.param.host.hostname: 256
- security.jail.param.children.max: 0
- security.jail.param.children.cur: 0
- security.jail.param.enforce_statfs: 0
- security.jail.param.securelevel: 0
- security.jail.param.path: 1024
- security.jail.param.name: 256
- security.jail.param.parent: 0
- security.jail.param.jid: 0
- security.jail.enforce_statfs: 2
- security.jail.mount_allowed: 1
- security.jail.chflags_allowed: 1
- security.jail.allow_raw_sockets: 0
- security.jail.sysvipc_allowed: 0
- security.jail.socket_unixiproute_only: 1
- security.jail.set_hostname_allowed: 1
- security.jail.jail_max_af_ips: 255
- security.jail.jailed: 0
- Have Fun <necromancer>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
