Saturday, July 21, 2007

Jail installation

1. Environment setting
cd /usr/src
make buildworld
make installworld DESTDIR=/da1/jail0
make distribution DESTDIR=/da1/jail0
2. Add users
Edit /da1/jail0/etc/master.passwd
pwd_mkdb -d /da1/jail0/etc /da1/jail0/etc/master.passwd (rebuild the password database)
Add your home directory
3. Edit rc.conf
ifconfig_fxp1_alias0="inet 192.168.1.10/24"
jail_enable="YES"
jail_list="testbase"
jail_testbase_devfs_enable="YES"
jail_testbase_devfs_ruleset="devfsrules_jail"
jail_testbase_exec="/bin/sh /etc/rc"
jail_testbase_hostname="testbase"
jail_testbase_ip="192.168.1.10"
jail_testbase_rootdir="/da1/jail0"
pf_enable="YES"
4. pf settings
nat on fxp0 from 192.168.1.0/24 to any -> (fxp0)
nat on fxp1 from 192.168.1.0/24 to any -> (fxp0)
5. Other settings, e.g. resolv.conf, hostname
6. Start the jail
/etc/rc.d/jail start
7. Generate the ssh keys; look through /etc/rc.d/sshd yourself to see how.
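
An added example, not part of the original post: a shell check to run before step 6 that the step 3 rc.conf lines agree with each other (each jail in jail_list has rootdir, hostname, ip and exec set, the jail address exists as an ifconfig alias, and the devfs ruleset is the devfsrules_jail used above). The function names and the audit.sh file name are assumptions; the sample input is the jail-related part of the page's own step 3 block.

```shell
# Added example (not from the original post): read-only consistency check
# for the rc.conf lines in step 3. The file is parsed, never sourced.
# The jail-related step 3 settings from the page, used as sample input.
page_rc_conf() {
    cat <<'EOF'
ifconfig_fxp1_alias0="inet 192.168.1.10/24"
jail_enable="YES"
jail_list="testbase"
jail_testbase_devfs_enable="YES"
jail_testbase_devfs_ruleset="devfsrules_jail"
jail_testbase_exec="/bin/sh /etc/rc"
jail_testbase_hostname="testbase"
jail_testbase_ip="192.168.1.10"
jail_testbase_rootdir="/da1/jail0"
EOF
}

# rc_get FILE VAR: print VAR's value (last assignment wins), quotes removed.
rc_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_jail_conf FILE: one line per finding; returns 0 if none, 1 otherwise.
audit_jail_conf() {
    conf=$1 bad=0
    [ "$(rc_get "$conf" jail_enable)" = "YES" ] || { echo "jail_enable is not YES"; bad=1; }
    for j in $(rc_get "$conf" jail_list); do
        for key in rootdir hostname ip exec; do
            [ -n "$(rc_get "$conf" "jail_${j}_${key}")" ] ||
                { echo "$j: jail_${j}_${key} is not set"; bad=1; }
        done
        ip=$(rc_get "$conf" "jail_${j}_ip")
        # The jail's address has to exist on the host as an interface alias.
        if [ -n "$ip" ] && ! grep -E '^ifconfig_[a-z0-9]+_alias[0-9]+=' "$conf" |
                grep -Fq -e "inet $ip/" -e "inet $ip " -e "inet $ip\""; then
            echo "$j: $ip is not configured as an ifconfig alias"; bad=1
        fi
        # Compare with the ruleset the page uses; anything else needs review.
        rs=$(rc_get "$conf" "jail_${j}_devfs_ruleset")
        if [ "$(rc_get "$conf" "jail_${j}_devfs_enable")" = "YES" ] &&
           [ "$rs" != "devfsrules_jail" ]; then
            echo "$j: devfs ruleset is '${rs:-unset}', step 3 uses devfsrules_jail"; bad=1
        fi
    done
    return $bad
}

[ $# -eq 0 ] || audit_jail_conf "$1"   # stand-alone: sh audit.sh /etc/rc.conf
```

Only the per-jail jail_<name>_* variables are read; a finding means the file differs from what the post sets up, so it is worth a look before starting the jail.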
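P.S. If you want to share the ports directory with the host, you can mount it read-only with mount_nullfs (security issue), then edit /etc/make.conf so that everything that would normally be written there goes under /tmp instead: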
DISTDIR= /tmp/distfiles
WRKDIRPREFIX= /tmp/WRKDIR
P.S. 2
If, for example, you find after setting up the jail that there is no account you can log in with, then on the jail host:
cd /jail_path/etc
vim master.passwd
pwd_mkdb -d . master.passwd
Actually, this works too:
vipw -d /jail_path/etc
I wonder whether books these days still teach this…
