HOWTO

Host IP: 10.0.0.15, Jail IP: 10.0.0.16

JAIL=/jails/jail1
mkdir $JAIL
cd /usr/src
make installworld DESTDIR=$JAIL 
make distribution DESTDIR=$JAIL 

Set up /etc/fstab to mount ports in your jail:

/usr/ports      /jails/jail1/usr/ports      nullfs  ro,auto 0       0
devfs           /jails/jail1/dev            devfs   rw      0       0

Set up /jails/jail1/etc/make.conf for ports:

WRKDIRPREFIX=/var/wrkdir
DISTDIR=/var/distfiles

Set up /jails/jail1/etc/rc.conf

sshd_enable="YES"

Configuring deamons on the jail host

Sendmail: in the .mc file put:

DAEMON_OPTIONS(`Name=IPv4, Addr="10.0.0.15",Family=inet')

Sshd, in /etc/ssh/sshd_config, make sure it only listens on IP of the host

ListenAddress  10.0.0.15

And at last /etc/rc.conf

jail_enable="YES"
jail_list="jail1"
jail_jail1_rootdir="/jails/jail1"
jail_jail1_hostname="jail1"
jail_jail1_ip="10.0.0.16"

Links

• Handbook about jails, just follow this :)
• Jails
• Multiple Jails
• http://wiki.freebsd.org/Jails

FAQ

upgrading jails

http://www.cyberciti.biz/faq/how-to-upgrade-freebsd-jail-vps/

copying jails

Of course you first stop the jail to copy :)

tar -cpf - . | tar -C /usr/jail/new -xpf -

ln: /dev/log: Operation not permitted

How to see which jails are active?

jls

(dis) allow icmp

sysctl security.jail.allow_raw_sockets

enter a jail

Get the JID of the jail to enter

jls

Then enter jail 2 with your shell of choice

jexec 2 csh

(postgresql) FATAL: could not create shared memory segment: Function not implemented

# For PostgreSQL
#http://www.freebsddiary.org/jail-multiple.php
jail_sysvipc_allow="YES"

non-existent system call invoked

compat options? COMPAT_* in kernel?

jls shows stopped jail

something is still in use.

Notes

sysinstall _ftpPath=ftp://ftp.FreeBSD.org/pub/FreeBSD/ nonInteractive=yes mediaSetFTP

             releaseName=7.1-RELEASE dists=base distSetCustom installRoot=<JAILDIR> installCommit