Support #668
Updated by Daniel Curtis about 9 years ago
This is a guide on using ezjail to create a jail on FreeBSD 10. 9.

h2. Prepare the Environment

* Make sure the system is up to date:
<pre>
pkg update && pkg upgrade
</pre>

h2. Install Ezjail

* Install ezjail:
<pre>
pkg install ezjail
</pre>

* Create the base jail with the system sources and a ports tree:
<pre>
ezjail-admin install -p -sp
</pre>
#* *NOTE*: To add system sources add the -s flag

* (Optional) Update the basejail with freebsd-update. Just run:
<pre>
ezjail-admin update -u
</pre>
#* To upgrade a jail to a specific version:
<pre>
ezjail-admin update -U -s 11.0-RELEASE
mergemaster -U -D /usr/jails/jail.example.com
</pre>

* To update the base jail's ports tree, which all jails also have read-only access to:
<pre>
ezjail-admin update -P
</pre>

* Add an IP alias on the NIC, here "em0". Replace "em0" with your network card name and adjust the network settings to match your network:
<pre>
ifconfig em0 alias 192.168.100.5 netmask 0xffffff00 broadcast 192.168.100.255
</pre>

* Add rc.conf entries so that the alias is configured and the jail is started at boot with the IP it needs:
<pre>
echo 'ifconfig_em0_alias0="inet 192.168.100.5 netmask 0xffffff00 broadcast 192.168.100.255"' >> /etc/rc.conf
echo 'ezjail_enable="YES"' >> /etc/rc.conf
</pre>

* Next, create the actual jail. Give it a hostname and the IP address from before:
<pre>
ezjail-admin create jail.example.com 192.168.100.5
</pre>

* Copy your resolv.conf to the jail so it can do DNS:
<pre>
cp /etc/resolv.conf /usr/jails/jail.example.com/etc/
</pre>

* Finally, start the service:
<pre>
service ezjail start
</pre>

* Placing limits on jails is also possible. To only give the jail access to the first CPU core, you could do:
<pre>
ezjail-admin config -c 0 jail.example.com
</pre>

* See this page for more options on limiting jail resources.

* Finally, to check whether your jail is running, use the "jls" command:
<pre>
jls
</pre>
#* _Example output_:
<pre>
JID  IP Address      Hostname          Path
1    192.168.100.13  jail.example.com  /usr/jails/jail.example.com
</pre>

* From here, you can get a root shell in the jail and start setting things up as you would with a normal FreeBSD system.
<pre>
ezjail-admin console jail.example.com
</pre>

* Moving jails between hosts is easy with minimal configuration changes. Stop the example jail and archive it to a file:
<pre>
ezjail-admin stop jail.example.com
ezjail-admin archive jail.example.com
</pre>

* The archived file should appear in /usr/jails/ezjail_archives. You can securely transfer the file to another server, make a new basejail and put the archive in place.
<pre>
scp jail.example.com.tar.gz offsite.example.com:/usr/jails/ezjail_archives
ezjail-admin create -a /usr/jails/ezjail_archives/jail_example_com.tar.gz jail.example.com 192.168.100.5
ezjail-admin start jail.example.com
</pre>

h2. Resources

* http://www.bsdnow.tv/tutorials/jails
* https://www.freebsd.org/doc/handbook/jails-ezjail.html
* https://wiki.freebsd.org/Jails
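
After starting a jail, or after restoring one from an archive on another host, the @jls@ listing can be compared with the hostname, IP address and path the jail was created with. The script below is an added example, not part of the original guide; it assumes the default @jls@ column layout with one IPv4 address per jail and no spaces in paths, and the function names and the sample listing (built from the values in the example output above) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): audit default `jls` output against the
# hostname, IP and path each jail is expected to have.

# check_jail HOSTNAME IP PATH   (jls output on stdin)
# returns 0 = listed as expected, 1 = listed with another IP or path, 2 = not listed
check_jail() {
    awk -v host="$1" -v ip="$2" -v root="$3" '
        $1 == "JID" { next }    # skip the header row
        $3 == host {
            found = 1
            if ($2 != ip)   { printf "%s: IP %s, expected %s\n", host, $2, ip; bad = 1 }
            if ($4 != root) { printf "%s: path %s, expected %s\n", host, $4, root; bad = 1 }
        }
        END {
            if (!found) { printf "%s: not running\n", host; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# audit_jails JLS_OUTPUT   (expected jails on stdin, one "hostname ip path" per line)
# prints one line per problem and returns the number of jails that failed the check
audit_jails() {
    failures=0
    while read -r host ip root; do
        [ -n "$host" ] || continue
        printf '%s\n' "$1" | check_jail "$host" "$ip" "$root" || failures=$((failures + 1))
    done
    return "$failures"
}

# Constructed sample listing, reusing the values from the example output above.
SAMPLE_JLS='   JID  IP Address      Hostname                      Path
     1  192.168.100.13  jail.example.com              /usr/jails/jail.example.com'

# On a live host, pass "$(jls)" instead of the sample.
audit_jails "$SAMPLE_JLS" <<EOF || echo "$? jail(s) need attention"
jail.example.com 192.168.100.5 /usr/jails/jail.example.com
EOF
```

With the sample listing the audit reports an IP mismatch, because the jail in this guide was created with 192.168.100.5 while the listing shows 192.168.100.13.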