19.11.07 13:10 Creating and configuring jails on FreeBSD
Last modified: 19.11.07 13:12
Every service running on the host system must be reconfigured to listen on a single IP address rather than on all available interfaces.

Example:

SSH - /etc/ssh/sshd_config:
ListenAddress 83.218.221.1

MySQL - /etc/my.cnf:
[mysqld]
bind-address=127.0.0.1

and so on for apache, mail, samba
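
A check for the requirement above, as an added example that is not part of the original article: it reads `sockstat -4 -l` output from the host and reports every listener still bound to the wildcard address `*`, which also answers on a jail's IP alias. The function names are hypothetical and the sample lines are constructed (sshd and mysqld already fixed as shown above; apache, mail and samba not yet).

```sh
#!/bin/sh
# Added example: find host services still bound to the wildcard address.
# Assumes the FreeBSD `sockstat -4 -l` column layout:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Reads sockstat output on stdin; prints "command pid proto port" for each
# listener whose local address is "*" (all addresses, jail aliases included).
wildcard_listeners() {
    awk '$6 ~ /^\*:[0-9]+$/ {
        split($6, a, ":")
        print $2, $3, $5, a[2]
    }'
}

# Returns 1 (and reports on stderr) while any wildcard listener remains,
# so it can gate the jail start in a script.
check_host_listeners() {
    found=$(wildcard_listeners)
    [ -z "$found" ] && return 0
    printf 'still listening on all addresses:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample input, not captured from a real host.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   83.218.221.1:22       *:*
mysql    mysqld     934   10 tcp4   127.0.0.1:3306        *:*
www      httpd      1020  3  tcp4   *:80                  *:*
root     sendmail   701   4  tcp4   *:25                  *:*
root     smbd       1105  21 tcp4   *:445                 *:*
EOF
}

# On a real host: sockstat -4 -l | check_host_listeners
sample_sockstat | wildcard_listeners
```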

The actual installation and configuration of the jail:

# mkdir -p /home/data/jails/192.168.1.3
# cd /usr/src
# make installworld DESTDIR=/home/data/jails/192.168.1.3
# cd /usr/src/etc
# make distribution DESTDIR=/home/data/jails/192.168.1.3

# cd /home/data/jails/192.168.1.3
# ln -sf dev/null kernel
# mount_devfs devfs /home/data/jails/192.168.1.3/dev
# cp /etc/resolv.conf /home/data/jails/192.168.1.3/etc/
# touch /home/data/jails/192.168.1.3/etc/fstab
# mount_nullfs /usr/ports /home/data/jails/192.168.1.3/usr/ports
# mount_nullfs /usr/src /home/data/jails/192.168.1.3/usr/src

# ifconfig lo0 alias 192.168.1.1 netmask 255.255.255.255
# ifconfig lo0 alias 192.168.1.3 netmask 255.255.255.255

# jail /home/data/jails/192.168.1.3 jail3.nafanya.freebsd.su 192.168.1.3 /bin/sh


Next steps: change the root password inside the jail and create an /etc/rc.conf file with the following contents:

hostname="jail3.nafanya.freebsd.su" # Set this!
ifconfig_lo0="inet 192.168.1.3 netmask 255.255.255.255"
defaultrouter="192.168.1.1" # Set to default gateway (or NO).
sshd_enable="YES"



On the host system, add the following lines to /etc/rc.conf:

gateway_enable="YES"
ifconfig_lo0="inet 192.168.1.1 netmask 255.255.255.255"
ifconfig_lo0_alias0="inet 127.0.0.1 netmask 255.0.0.0"
jail_enable="YES"
jail_list="jail3"
jail_jail3_rootdir="/home/data/jails/192.168.1.3"
jail_jail3_hostname="jail3.nafanya.freebsd.su"
jail_jail3_ip="192.168.1.3"
jail_jail3_interface="lo0"
jail_jail3_devfs_enable="YES"
jail_jail3_exec_start="/bin/sh /etc/rc"
jail_jail3_exec_stop="/bin/sh /etc/rc.shutdown"



In /etc/pf.conf, configure NAT for the jail:

ext_if="em0"  # external interface; em0 is a placeholder, substitute your own
lo_int="lo0"
internal_net="192.168.1.0/24"
external_addr="83.218.221.1"

# NAT
nat on $ext_if from $internal_net to any -> ($ext_if)

# redirect to ssh
rdr on $ext_if proto tcp from any to $external_addr port 55222 -> 192.168.1.3 port 22
pass in all
pass out all



The jail is set to start automatically at system boot.

Useful links:

http://erdgeist.org/arts/software/ezjail/
http://blog.innerewut.de/2005/08/25/freebsd-jails
http://www.samag.ru/cgi-bin/go.pl?q=articles;n=11.2006;a=04
http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail
http://www.freebsddiary.org/jail-multiple.php

Original article (Russian) >>
Author: Nafanya
Comments: 3

09.01.08 14:03 @lex
Can someone tell me why I can't mount
#mount_nullfs /usr/ports /home/data/jails/192.168.33.127/usr/ports

mount_nullfs: /usr/home/data/jails/192.168.33.127/usr/ports: No such file or directory

10.01.08 13:56 floyx
according to what the log says:
/usr/home/data/jails/192.168.33.127/usr/ports: No such file or directory
check whether the folder exists:
/usr/home/data/jails/192.168.33.127/usr/ports
mount won't create it for you if it doesn't exist.

03.04.08 16:28 denis
How can I also set up a CS server on a root, because I want it to be up non-stop
