Support #668
Updated by Daniel Curtis about 9 years ago
This is a guide on using ezjail to create a jail on FreeBSD 10.
h2. Prepare the Environment
* Make sure the system is up to date:
<pre>
pkg update && pkg upgrade
</pre>
h2. Install Ezjail
* Install ezjail:
<pre>
pkg install ezjail
</pre>
* Create the base jail with a ports tree:
<pre>
ezjail-admin install -p
</pre>
#* *NOTE*: To also install the system sources, add the -s flag
* (Optional) Update the host with freebsd-update, then update the basejail:
<pre>
freebsd-update fetch install
ezjail-admin update -u
</pre>
#* To upgrade a jail to a specific version:
<pre>
ezjail-admin update -U -s 11.0-RELEASE
mergemaster -U -D /usr/jails/jail.example.com
</pre>
* To update the base jail's ports tree, which all jails also have read-only access to:
<pre>
ezjail-admin update -P
</pre>
* Add an IP alias for the jail on the host's NIC ("em0" here). Replace "em0" with your network card name and adjust the network settings to match your network:
<pre>
ifconfig em0 alias 192.168.100.5 netmask 0xffffff00 broadcast 192.168.100.255
</pre>
* Make an rc.conf entry to ensure the jail will be started at boot and gets the IP it needs:
<pre>
echo 'ifconfig_em0_alias0="inet 192.168.100.5 netmask 0xffffff00 broadcast 192.168.100.255"' >> /etc/rc.conf
echo 'ezjail_enable="YES"' >> /etc/rc.conf
</pre>
* Next, create the actual jail. Give it a hostname and the IP address from before:
<pre>
ezjail-admin create jail.example.com 192.168.100.5
</pre>
#* *NOTE*: If using multiple interfaces for the jail, specify the IP address for each interface:
<pre>
ezjail-admin create jail.example.com 'em0|10.0.2.0/24,em1|192.168.100.5/24'
</pre>
* Copy your resolv.conf to the jail so it can do DNS.
<pre>
cp /etc/resolv.conf /usr/jails/jail.example.com/etc/
</pre>
* Finally, start the service:
<pre>
service ezjail start
</pre>
* Check whether your jail is running:
<pre>
jls
</pre>
#* _Example output_:
<pre>
JID IP Address Hostname Path
1 192.168.100.13 jail.example.com /usr/jails/jail.example.com
</pre>
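The check above can be scripted so that a jail running with a different address or root path than the one it was created with is flagged. This is an added example, not part of the original guide; @check_jail@, @sample_jls@, the @db.example.com@ row and the exit codes are assumptions made for illustration, and the function assumes the default four-column @jls@ layout shown above.

```shell
#!/bin/sh
# Added example (not from the original guide).
# check_jail HOSTNAME IP PATH  -- reads default-format `jls` output on stdin.
# Exit status (assumed convention for this example):
#   0 = jail is running with the expected IP and path
#   1 = no jail with that hostname is running
#   2 = jail is running, but its IP or path differs from what was expected
check_jail() {
    want_host=$1 want_ip=$2 want_path=$3
    awk -v h="$want_host" -v ip="$want_ip" -v p="$want_path" '
        NR == 1 && $1 == "JID" { next }   # skip the header row
        $3 == h {
            found = 1
            if ($2 != ip) { printf "%s: IP is %s, expected %s\n", h, $2, ip; bad = 1 }
            if ($4 != p)  { printf "%s: path is %s, expected %s\n", h, $4, p; bad = 1 }
        }
        END {
            if (!found) { printf "%s: not running\n", h; exit 1 }
            exit (bad ? 2 : 0)
        }'
}

# Constructed sample input modelled on the example output above;
# the db.example.com row is a hypothetical second jail.
sample_jls() {
    cat <<'EOF'
   JID  IP Address      Hostname              Path
     1  192.168.100.13  jail.example.com      /usr/jails/jail.example.com
     2  192.168.100.6   db.example.com        /usr/jails/db.example.com
EOF
}

# Demo: the jail was created with 192.168.100.5, so the mismatch is reported.
sample_jls | check_jail jail.example.com 192.168.100.5 /usr/jails/jail.example.com \
    || echo "check_jail exited with status $?"
```

On a real host, replace @sample_jls@ with @jls@ in the pipeline.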
* From here, you can get a root shell in the jail and start setting things up as you would with a normal FreeBSD system.
<pre>
ezjail-admin console jail.example.com
</pre>
#* From inside the jail, enable the sshd service at boot and start it:
<pre>
echo 'sshd_enable="YES"' >> /etc/rc.conf
service sshd start
</pre>
* Moving jails between hosts is easy with minimal configuration changes. Stop the example jail and archive it to a file:
<pre>
ezjail-admin stop jail.example.com
ezjail-admin archive jail.example.com
</pre>
* The archived file should appear in /usr/jails/ezjail_archives. You can securely transfer the file to another server, make a new basejail and put the archive in place.
<pre>
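# On the source host: copy the archive (use the actual file name found in /usr/jails/ezjail_archives)
scp /usr/jails/ezjail_archives/jail_example_com.tar.gz offsite.example.com:/usr/jails/ezjail_archives
# On the destination host: create the jail from the archive and start it
ezjail-admin create -a /usr/jails/ezjail_archives/jail_example_com.tar.gz jail.example.com 192.168.100.5
ezjail-admin start jail.example.com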
</pre>
h2. Resources
* http://www.bsdnow.tv/tutorials/jails
* https://www.freebsd.org/doc/handbook/jails-ezjail.html
* https://wiki.freebsd.org/Jails