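# Build the FreeBSD base system from source; `ezjail-admin update -i` later
# installs this build into the jail base.
# `buildworld` is one make target; written as two words, make would look for
# separate `build` and `world` targets. `&&` keeps make from running in the
# wrong directory if the cd fails.
cd /usr/src && make buildworld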
+ Configurer ezjail-admin
# Install ezjail from the ports tree, then have rc(8) start it at boot.
# The enable knob is appended to /etc/rc.conf.local; running this twice
# appends the line twice.
cd /usr/ports/sysutils/ezjail \
  && make install clean
printf '%s\n' 'ezjail_enable="YES"' >> /etc/rc.conf.local
+ Ajouter dans /etc/pf.conf :
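# Source-NAT traffic from the jail network on lo1 out through em0.
# Plain ASCII single quotes are required: with typographic quotes the shell
# does not quote the rule and tries to parse ">" and "(em0)" itself.
# A nat rule only translates addresses, it filters nothing; add explicit
# block/pass rules if the jails should not reach everything the host can.
echo 'nat on em0 from lo1:network to any -> (em0)' >> /etc/pf.conf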
+ Ajouter dans /etc/rc.conf :
# Boot-time settings: enable pf with /etc/pf.conf, enable pflog, and create
# the cloned loopback lo1 (10.0.1.254/24) used for the jail addresses.
# NOTE(review): pf is enabled here, but the only rule this page adds to
# /etc/pf.conf is a NAT rule — confirm the ruleset also filters traffic.
cat >> /etc/rc.conf <<'EOF'
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.0.1.254 netmask 255.255.255.0"
EOF
+ Ajouter dans /usr/local/etc/ezjail.conf :
# ezjail settings: keep jails on ZFS.
# ezjail_jailzfs is the parent dataset for the jails and ezjail_jaildir the
# directory that holds them (presumably that dataset's mountpoint — confirm).
ezjail_jailzfs='storage/jails'
ezjail_jaildir='/mnt/storage/jails'
ezjail_use_zfs='YES'
+ Exécuter :
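# Populate the ezjail base from the world built in /usr/src (-i) and give
# the jails a ports tree (-p).
ezjail-admin update -p -i
# newjail is the template copied into every new jail; resolv.conf has to
# land in its etc/ directory to show up as /etc/resolv.conf inside a jail.
cp /etc/resolv.conf /mnt/storage/jails/newjail/etc/
# Create lo1 now; the cloned_interfaces entry in rc.conf only applies at boot.
ifconfig lo1 create
/etc/rc.d/pf start
/etc/rc.d/pflog start
# Syntax-check the ruleset, then reload it in place. Reloading with -f keeps
# pf enabled throughout, so there is no window with the firewall switched off
# and a broken pf.conf never replaces the running ruleset.
pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf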
+ Créer une jail :
# Create one jail named my_jail on 10.0.1.1.
# NOTE(review): this dataset is under "storage/jail", while ezjail.conf on
# this page sets ezjail_jailzfs="storage/jails"; with ezjail_use_zfs="YES"
# ezjail-admin is expected to create the jail's dataset itself — confirm
# whether this manual step is needed at all.
zfs create storage/jail/my_jail
# Add the jail address to lo1 on the running system ...
ifconfig lo1 inet 10.0.1.1 netmask 255.255.255.0 alias
# ... and record the same alias for the next boot.
printf '%s\n' 'ifconfig_lo1_alias0="inet 10.0.1.1 netmask 255.255.255.0"' >> /etc/rc.conf
ezjail-admin create my_jail 10.0.1.1
+ Si on veut que la jail puisse communiquer vers l’extérieur avec des sockets brutes (ping, traceroute ; le trafic TCP/UDP sortant passe déjà par la règle NAT) :
# Let root inside jails open raw sockets, effective immediately.
# This is what ping/traceroute need; ordinary TCP/UDP traffic does not.
# It weakens jail isolation: a compromised jail can then craft arbitrary
# packets, so leave it at 0 unless a jail really needs it.
sysctl security.jail.allow_raw_sockets=1
de manière permanente :
# Persist the raw-socket setting across reboots via /etc/sysctl.conf.
# Raw sockets are only needed for tools such as ping inside a jail and let
# jail root craft arbitrary packets; skip this line if no jail needs them.
printf '%s\n' 'security.jail.allow_raw_sockets=1' >> /etc/sysctl.conf
http://blog.burghardt.pl/2009/01/multiple-freebsd-jails-sharing-one-ip-address
http://www.siteduzero.com/tutoriel-3-273288-la-prison.html