Friday, February 1, 2013

PC-BSD 9.1 - More Jails and Linux

v 0.3.1
1 Feb 13
2 Feb 13
4 Feb 13

As I mentioned a couple of posts ago, most things are easy in hindsight, but maddening when you have to work them out.  Another such example I have found with PC-BSD Jails under the "Warden".  Rather than try and organise what I've found into little chunks, this will be a narration of the adventure.

I started learning about Jails using a Linux Jail.  I used an IP address within the router address space.  All was well until I tried to communicate with services within the Jail that I thought I'd started.  Not only that, but when I checked the router's "attached devices" list, my Jail was nowhere to be seen.

I remembered there were two tutorial articles about Jails in BSD Magazine, one on Linux Jails in issue 12/12 and a tutorial on installing OwnCloud in a Standard Jail in issue 9/12.

The article on Linux Jails went into NAT configuration on the host and editing a few configuration files - I must confess I found this puzzling as a requirement since everything else about PC-BSD's organisation of Jails was so automated.  Eventually I went back to the beginning and went through the tutorial setting up a standard BSD Jail.

What I found with the BSD Jail was that there were several other tools to manage these Jail types - including a Process manager, where I could make sure the processes I wanted were started.  That is where I started remembering the list of ports being monitored in the Linux Jail ....  Also, it was about that time I chanced on reading a statement in the PC-BSD forums where the poster pointed out that Warden does quite a few things in the background.

So ...

I cloned my BSD Jail, giving one an IP in the router address space, and the other another address in another address space.  I made sure the Apache process was started in each Jail and that the firewall had opened port 80.  Then I went to another computer on my network and simply typed in the IP address of each jail in a web browser.  The Jail with the router address space address worked immediately and Apache talked back.  The other one, not.

My conclusion as to Jail IP address:
  • If you are simply starting a Jail - give it an IP in the router address space.
  • If you are going to configure NAT on the host system, use another address space.

How do you find the Jail if the router does not know about it?  When you address your Jail, the router queries each of its attached machines.  When it queries the host machine, that machine recognises the Jail address and passes the request on to the Jail.  So the router doesn't have to know about the Jail; it just needs to have an address in its address space that it can give to the host machine, which knows about the Jail.
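
The address rule above can be checked before creating a Jail. The following is an added example, not part of the original post: it sorts a candidate Jail address into "on the host's LAN", "needs NAT on the host", "unusable" or "conflict", and includes a small connect test for confirming from another machine that only the ports you opened (80 and 22 in this post) answer. All addresses and function names are constructed for illustration.

```python
import ipaddress
import socket

def classify_jail_ip(host_cidr, jail_ip, taken=()):
    """Classify a candidate Jail address against the host's LAN.

    host_cidr: host interface address with prefix, e.g. "192.168.1.10/24"
    taken:     addresses already in use (router, other Jails)
    """
    iface = ipaddress.ip_interface(host_cidr)
    ip = ipaddress.ip_address(jail_ip)
    net = iface.network
    used = {ipaddress.ip_address(a) for a in taken} | {iface.ip}
    if ip in used:
        return "conflict"       # would collide with the host, router or a Jail
    if ip in net:
        if ip in (net.network_address, net.broadcast_address):
            return "unusable"   # network or broadcast address of the LAN
        return "lan"            # reachable directly, as in the first bullet
    return "needs-nat"          # other address space: configure NAT on the host

def port_open(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample values: host on 192.168.1.0/24, router at .1
    host, router = "192.168.1.10/24", "192.168.1.1"
    for candidate in ("192.168.1.50", "10.0.0.5", "192.168.1.255", router):
        print(candidate, classify_jail_ip(host, candidate, taken=[router]))
    # Run from another machine on the network against your own Jail;
    # any port you did not open on the firewall should report False.
    for port in (22, 80, 3306):
        print(port, port_open("192.168.1.50", port, timeout=1.0))
```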

NOW .. I went back to my Linux Jail - with its IP address in the router address space.  I installed an SSH server, made sure it was started (the listening port came up on the info tab).  I opened the SSH port on the firewall.  I then went to another machine on the network,

ssh (ip address)

The Jail replied!  Victory!

So you can now configure your router to talk to a Jail just like any other attached machine.  I would guess you could even assign a static IP to a Jail, using the MAC address of the host machine.

A final note about Debian Jails.  When you install the Jail, several configuration tasks that would normally be taken care of in a Debian install are not.  That is my next little task to take care of with a Debian Linux Jail ....


Later ............

PS
For Debian,
  • an easy way to manage startup services is to load package "rcconf" and use that to graphically set services.
  • to set the default Locale, install package "locales" and run "dpkg-reconfigure locales" to select and set your desired Locale.

