On Oct 22, 2007, at 11:12 PM, Stefan Grundmann wrote:
>> From outside the jail I cannot ssh in. Where should I look at to fix this. sshd is running inside the jail. I get the error ssh: connect to host xxx.65.222.198 port 22: No route to host
>
> i cannot reproduce this with my setup. but i remember problems last time i tried to abuse the loopback if for jails.

What issues did you have with loopback if and jails? I run dozens of jails on lo0 using 127.0.0._ addresses. The only "special" case is 127.0.0.1. Skip it and you're good to go. Depending on what the jail needs, I sometimes use stunnel to proxy the connection from a public to loopback IP but most of the time I use PF with nat and rdr rules.

The only issue I have is what I described here: http://www.nabble.com/Jails-and-loopback-interfaces-t4014351.html

But you'd have that same issue regardless of the private interface or netblock being used. So I configured split-horizon DNS and that solves the issue for me.

>> Q. 2. I also tried to add some software from ports as root inside the jail but cannot access the ports tree.
>
> you did install a ports tree inside the jail (ezjail-admin -p) ?
>
>> Do I add software from inside the jail? Or do I add it from outside the jail?
>
> you do it from inside the jail (o.k. you _could_ do it from the host system overriding PREFIX and maybe the package database but it is not the ezjail way)

Depends on what you're after.

I use jails for applications. MySQL goes in one. Apache with some custom perl extensions in another. Lighttpd with PHP in another. Etc. I find that easier to manage as each application has exactly what it needs installed in each jail and nothing more. When I need to make changes, I'm only affecting one application or site instead of dozens.

I'm typically the only user in most of my jails. With that being the case, it is senseless to have multiple copies of the ports tree installed in each jail. So I have /usr/ports as a directory in each jail and I run a script from the jail host that automatically nullfs mounts the ports tree and drops me into the jail.

    [matt@jails] ~ % ./jail_manage.sh simerson
    running as matt, using sudo
    processing jail simerson
    mount_nullfs /usr/ports /usr/jails/simerson/usr/ports
    simerson# exit
    exit
    all done!
    /sbin/umount /usr/jails/simerson/usr/ports
    consider installng tripwire in jail simerson

When I'm done, I exit the jail and if the script mounted ports, it automatically unmounts it as well. It also checks to see if tripwire is installed and if so, offers to run the update script. This saves me a lot of typing when keeping each of my jails up-to-date.
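
A sketch of the mount, enter, unmount workflow described in the message above, added here as an example; it is not the poster's jail_manage.sh. It assumes jails live under /usr/jails and that the jail's name matches its directory, and it mounts the tree read-only (the transcript's mount is read-write), which requires WRKDIRPREFIX and DISTDIR in the jail's make.conf to point at writable paths.

```sh
#!/bin/sh
# Added example, not the poster's jail_manage.sh.
# Assumptions: jails live under $JAIL_ROOT and the jail name equals its directory name.
PORTS_SRC=${PORTS_SRC:-/usr/ports}
JAIL_ROOT=${JAIL_ROOT:-/usr/jails}
RUN=${RUN:-sudo}   # RUN=echo prints the privileged commands instead of running them

# True if the given directory is currently a mount point (3rd field of mount(8) output).
is_mounted() {
    mount | awk -v d="$1" '$3 == d { found = 1 } END { exit !found }'
}

manage_jail() {
    jail=$1
    # Reject names that would resolve outside JAIL_ROOT, e.g. "../host".
    case $jail in
        ''|*/*|.*) echo "bad jail name: '$jail'" >&2; return 2 ;;
    esac
    target="$JAIL_ROOT/$jail/usr/ports"
    mounted_here=0

    if ! is_mounted "$target"; then
        # Read-only, so root inside the jail cannot alter the host's ports tree.
        $RUN mount_nullfs -o ro "$PORTS_SRC" "$target" || return 1
        mounted_here=1
    fi

    rc=0
    $RUN jexec "$jail" /bin/sh || rc=$?   # interactive shell inside the jail

    # Unmount only what this run mounted, even if the jail shell exited non-zero.
    if [ "$mounted_here" -eq 1 ]; then
        $RUN umount "$target" || echo "warning: $target is still mounted" >&2
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    manage_jail "$1"
fi
```

Running it with `RUN=echo` prints the mount, jexec and umount commands without executing them, which is a quick way to check the paths before using it on a host.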