[HowTo] Setup A Jail Ontop of FreeNAS 8.x  
(c) FreeNAS Documentation & Support Team
      by Christian Degen <bubulein@freenas.org>

This is a Quick 'n Dirty HowTo for more information checkout 
  - http://en.wikipedia.org/wiki/FreeBSD_jail
  - http://www.freebsd.org/doc/handbook/jails.html

Note about my Setup:
  Host
  - teufelchen.fantaranch.tld
  - 192.168.1.10
  - teufelchen#
  Jail
  - alcatraz.fantaranch.tld
  - 192.168.1.30
  - alcatraz#

  Filesystem Layout
    - tank		my zpool, /mnt/tank
    - tank/freebsd	FreeBSD related files
    - tank/alcatraz	dataset for the jail

Here We Go

SSH into yuo FreeNAS and become root. The datasets can be created on the WebUI, for demonstration i will use commanline only.

teufelchen# zfs create tank/freebsd
teufelchen# zfs create tank/alcatraz

Download the FreeBSD Base-Files

In this case via rsync from a german server. The strange commandsysntax makes sure that the correct files for your Version and Architecture are downloaded.

teufelchen# cd /mnt/tank/freebsd/
teufelchen# rsync -av ftp.de.freebsd.org::FreeBSD/releases/`uname -m`/`uname -r | cut -d- -f1-2`/base/ `uname -r | cut -d- -f1-2`_`uname -m`_base
receiving incremental file list
created directory 8.2-RELEASE_amd64_base
./
CHECKSUM.MD5
CHECKSUM.SHA256
base.aa
base.ab
[...]
base.mtree
install.sh

sent 925 bytes  received 60508876 bytes  661309.30 bytes/sec
total size is 60498897  speedup is 1.00


Extract the files into your new jails root directory.

teufelchen# cd 8.2-RELEASE_amd64_base/
teufelchen# cat base.?? | tar --unlink -xpzf - -C /mnt/tank/alcatraz/


Now we need todo some changes to /etc/rc.conf. You can reboot at any point and the original FreeNAS freenas file will be restored.


Mount / read write to allow changes

teufelchen# mount -urw /

Append the necessary settings to your rc.conf

teufelchen# cat << ! >> /etc/rc.conf
? ### jail related settings ###
? jail_enable="YES"
? jail_list="alcatraz"
? jail_alcatraz_rootdir="/mnt/tank/alcatraz"
? jail_alcatraz_hostname="alcatraz.fantaranch.tld"
? jail_alcatraz_ip="192.168.1.30"
? jail_alcatraz_interface="alc0"
? jail_alcatraz_devfs_enable="YES"
? jail_alcatraz_mount_enable="YES"
? jail_alcatraz_fstab="/mnt/tank/freebsd/fstab.alcatraz"
? !


Create a fstab file for your jail, here you can place any filesystem to munt the fstab style.

teufelchen# touch /mnt/tank/freebsd/fstab.alcatraz

Set a DNS, here OpenDNS

teufelchen# echo "nameserver 208.67.222.222" >> /mnt/tank/alcatraz/etc/resolv.conf

And set the timezone

teufelchen# cp /etc/localtime /mnt/tank/alcatraz/etc/


Now you can start your jail.

teufelchen# /etc/rc.d/jail start
Configuring jails:.
Starting jails: alcatraz.fantaranch.tld.

List running jails, the JID (JailID) is necessary to enter the jail.

teufelchen# jls 
   JID  IP Address      Hostname                      Path
    14  192.168.1.30    alcatraz.fantaranch.tld       /mnt/tank/alcatraz
teufelchen# jexec 14

Now you can follow any FreeBSD/Jail related docs.

alcatraz#

Tip:
checkout
teufelchen# sysctl -a | grep jail
security.jail.param.cpuset.id: 0
security.jail.param.host.hostid: 0
security.jail.param.host.hostuuid: 64
security.jail.param.host.domainname: 256
security.jail.param.host.hostname: 256
security.jail.param.children.max: 0
security.jail.param.children.cur: 0
security.jail.param.enforce_statfs: 0
security.jail.param.securelevel: 0
security.jail.param.path: 1024
security.jail.param.name: 256
security.jail.param.parent: 0
security.jail.param.jid: 0
security.jail.enforce_statfs: 2
security.jail.mount_allowed: 1
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 0
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
security.jail.jail_max_af_ips: 255
security.jail.jailed: 0

Have Fun <necromancer>