Jails, ezjail, apache, very newbie question.
I'm not really looking to become an expert at running a web server or anything, but I pretty much play around with FreeBSD as a hobby. I've been using FreeBSD for the last three years and have some basic knowledge and can keep my system up and fix minor problems etc. I've been wanting to learn more about jails lately and want to set up a web server to play around with and give myself something to do in my off time. Setting up the jail appears easy enough, but the one part of it that I don't fully understand is the networking and how the port forwarding to the jail works etc. Is there anywhere that I can turn to look for this information to help me understand the networking concepts and, more importantly, how they work with jails? I've seen several writeups that give some information on how to get the network side of things working properly but I don't understand it fully. I see this
Code:
ifconfig_fxp0_alias0="inet 10.10.10.100/32"
Code:
prefixlen len
(Inet6 only.) Specify that len bits are reserved for subdividing networks into sub-networks. The len must be integer, and for syntactical reason it must be between 0 to 128. It is almost always 64 under the current IPv6 assignment rule. If the parameter is omitted, 64 is used. The prefix can also be specified using the slash notation after the address. See the address option above for more information.
If anyone is willing to put me in the right direction to help understand this and the basics of jails and setting them up I would appreciate it.
Last edited by neurosis; 17th August 2008 at 07:39 PM.
|
|||
The /32 is called CIDR notation.
http://en.wikipedia.org/wiki/Classle...Domain_Routing
/32 means that 32 bits of the IP address never change. And since an IPv4 address is only 32 bits, that means it's a single IP address. For example, on my internal network, I have it set up as 10.0.0.0/8, which means the only thing in the IP that ever stays the same is the first octet (the "10."). So I have over 16 million IPs available on my internal network.
As far as "port forwarding" to the jail, you'll have to do that at your switch/router level. Since the jail has its own IP address, you can forward all requests on port 80 from your router to the IP of the jail (assuming, of course, that the jail's IP sits on the same subnet as your router). If the rest of your "internal" network is, for example, 192.168.1.0/24, then this solution won't work (since 10.10.10.100/32 is not in the same subnet).
Hopefully I didn't confuse you further.
|
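The subnet reasoning in the reply above, as an added example that is not part of the original thread: it checks a jail alias against the LAN the router sits on and goes one step further by also testing for overlap with a DHCP pool. The function name `check_jail_alias`, the DHCP pool bounds and the 192.168.1.x aliases are assumptions constructed for illustration; 10.10.10.100/32, 10.0.0.0/8 and 192.168.1.0/24 are the thread's own values.

```python
import ipaddress


def check_jail_alias(alias_cidr, lan_cidr, dhcp_first, dhcp_last):
    """Sanity-check a jail alias (e.g. '10.10.10.100/32') against the LAN.

    check_jail_alias and the DHCP pool bounds are hypothetical names/values
    for this example; they are not part of FreeBSD or ezjail.
    """
    alias = ipaddress.ip_interface(alias_cidr)   # address + prefix length
    lan = ipaddress.ip_network(lan_cidr)
    first = ipaddress.ip_address(dhcp_first)
    last = ipaddress.ip_address(dhcp_last)
    on_lan = alias.ip in lan
    return {
        # /32 fixes all 32 bits, so the prefix covers exactly one address
        "addresses_in_prefix": alias.network.num_addresses,
        # the router can forward straight to the jail only if the jail's
        # address lies inside the subnet the router is attached to
        "on_router_subnet": on_lan,
        # the network and broadcast addresses cannot be assigned to a host
        "usable_host_address": on_lan and alias.ip not in (
            lan.network_address, lan.broadcast_address),
        # a static alias inside the DHCP pool may also be leased to
        # another machine, producing an address conflict
        "inside_dhcp_pool": first <= alias.ip <= last,
    }


if __name__ == "__main__":
    # LAN prefix from the thread; DHCP pool and 192.168.1.x aliases constructed
    lan, pool = "192.168.1.0/24", ("192.168.1.50", "192.168.1.150")
    print(ipaddress.ip_network("10.0.0.0/8").num_addresses)  # size of a /8
    for alias in ("10.10.10.100/32", "192.168.1.100/32", "192.168.1.200/32"):
        print(alias, check_jail_alias(alias, lan, *pool))
```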
|||
Absolutely not! You didn't confuse me further. This was good information. I guess this leads to another question though. Does my jail require its own network card? I guess I don't understand how you can run two IPs on a single network card unless the host system is sending the information to the jail.
|
|
|||
There is absolutely nothing preventing a network interface from having multiple IP addresses, whatever gave you that idea?
Read ifconfig(8), search for "alias", look at the EXAMPLES section for more info. Also rc.conf(5), "network_interfaces".
|
|||
I'm already starting to understand a lot better. I'm glad that I decided to play around with this. I just don't want to start to set up the jail until I understand what I am doing. Thanks!
|
|
||||
I have a couple of (somewhat dated) pages on jails and ezjail.
(The pages aren't always up, as I tend to play with the computer running it, but)
http://www.scottro.net/qnd/qnd-jail.html is the one for jails in general, and in the first paragraph there's a link to the ezjail one. I do recommend ezjail; it does what its name implies and makes it easier, though I think it's still quite necessary to have a reasonable understanding of jails first.
|
|||
One more question about the networking side of things. Obviously I have a very limited knowledge of networking too, which I'm hoping to learn something about in this arena as well. My BSD box is set up for DHCP right now, but at the router, by MAC address, it's set up to hold a specific IP for this computer so that its IP never changes. Can I leave this set for DHCP but, when I set up the jail, just assign the alias as an address that is higher than what is normally used by my home network? Right now my BSD box is 192.168.1.10. If I assign the alias to 192.168.1.100, then there is no chance that any of the computers on my home network will try to acquire that address? Is this a dumb way to go about this?
scottro, actually, your guide is what I've been hoping to use to get the jails set up.
Last edited by neurosis; 18th August 2008 at 03:38 PM.
|
|||
hey now! QnD guides -- ezjail saved me back in the day
|
|
|||
This may help you: http://wael.nasreddine.com/2008/03/19/jail-servers.html
|
|
|||
Ok... this has me a bit off. Is it a must to update source to use jails? I've installed FreeBSD 7.0-Release a bit back but not too long ago. It now looks like the newest source reflects REVISION="7.0" BRANCH="RELEASE-p3". I am trying to decide whether I should update the entire system, or can I get away with removing the source and replacing it with what is on the CD? FreeBSD 7.0-RELEASE is what my machine is currently running. I am afraid of breaking my machine. I did try to run ezjail-admin update -i but it errors on me, I think because I have updated my /src directory but it doesn't match the version that I am currently running? I get this as an error:
Code:
--------------------------------------------------------------
>>> Installing everything
--------------------------------------------------------------
cd /usr/src; make -f Makefile.inc1 install
===> share/info (install)
install -o root -g wheel -m 444 dir-tmpl /usr/jails/fulljail/usr/share/info/dir
install:No such file or directory
*** Error code 1
Stop in /usr/src/share/info.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
make installworld failed.
|
|||
Update first: http://www.daemonforums.org/showthread.php?t=1726
Follow the updating part of that thread.
|
|||
Well, thanks for everyone's help. System is updated "first time I've done that", jail is created and working, although I would still like to understand it better. The networking side of it appears to be working fine, which is good. I definitely need to change the ssh port, I've noticed. The jail was up for one hour and already 4 attempts to log in. I started denyhosts in the jail but will change the ssh port soon. I originally set up an account inside of the jail for admin purposes but later deleted it, figuring that I could just admin it from the computer itself. I'm not sure what the best way to go about administrating the jail is yet.
|
|
||||
Additionally, do some searching on the forums - there are brute force mitigation techniques using PF that may come in handy.
# jexec 1 /bin/csh
(where '1' refers to the appropriate jail ID, returned by jls(8).)
That will drop you into a root shell within the jail.
|
|||
Thanks... that's helpful.
I got apache22 installed and up but still need to spend a little time on the config. When I installed Apache it didn't seem to put some things where expected, i.e. when I tried to connect to my computer to view the Apache page I instead got an error stating that I was not authorized to access root dir/ . That confused me a little. The data directory appeared to be missing completely, although everything else seemed to be there, which I thought was a bit strange. (Found the answer to the question already. I searched all over the internet for writeups and go figure.. I found what I needed on Apache's web site.)
Last edited by neurosis; 19th August 2008 at 08:43 PM.
|
|||
Take a look at mod_security, it's an Apache module.
http://www.freebsd.org/cgi/ports.cgi...rity&stype=all
Open source web apps are prime targets.