The translation is temporarily closed for contributions due to maintenance, please come back later.

Source string Read only

(itstool) path: step/title
Context English State
<prompt>#</prompt> <userinput>service netif cloneup</userinput>
Created clone interfaces: lo1.
Jails can be allowed to use aliases of this secondary loopback interface without interfering with the host.
Inside a jail, access to the loopback address <systemitem class="ipaddress"></systemitem> is redirected to the first <acronym>IP</acronym> address assigned to the jail. To make the jail loopback correspond with the new <literal>lo1</literal> interface, that interface must be specified first in the list of interfaces and <acronym>IP</acronym> addresses given when creating a new jail.
Give each jail a unique loopback address in the <systemitem class="ipaddress"></systemitem><systemitem class="netmask">/8</systemitem> netblock.
Install <package role="port">sysutils/ezjail</package>:
<prompt>#</prompt> <userinput>cd /usr/ports/sysutils/ezjail</userinput>
<prompt>#</prompt> <userinput>make install clean</userinput>
Enable <application>ezjail</application> by adding this line to <filename>/etc/rc.conf</filename>:
The service will automatically start on system boot. It can be started immediately for the current session:
<prompt>#</prompt> <userinput>service ezjail start</userinput>
With <application>ezjail</application> installed, the basejail directory structure can be created and populated. This step is only needed once on the jail host computer.
In both of these examples, <option>-p</option> causes the ports tree to be retrieved with <citerefentry><refentrytitle>portsnap</refentrytitle><manvolnum>8</manvolnum></citerefentry> into the basejail. That single copy of the ports directory will be shared by all the jails. Using a separate copy of the ports directory for jails isolates them from the host. The <application>ezjail</application> <acronym>FAQ</acronym> explains in more detail: <link xlink:href=""/>.
To Populate the Jail with FreeBSD-RELEASE
For a basejail based on the FreeBSD RELEASE matching that of the host computer, use <command>install</command>. For example, on a host computer running FreeBSD 10-STABLE, the latest RELEASE version of FreeBSD -10 will be installed in the jail):
<prompt>#</prompt> <userinput>ezjail-admin install -p</userinput>
To Populate the Jail with <command>installworld</command>
The basejail can be installed from binaries created by <_:buildtarget-1/> on the host with <command>ezjail-admin update</command>.
In this example, FreeBSD 10-STABLE has been built from source. The jail directories are created. Then <_:buildtarget-1/> is executed, installing the host's <filename>/usr/obj</filename> into the basejail.
<prompt>#</prompt> <userinput>ezjail-admin update -i -p</userinput>
The host's <filename>/usr/src</filename> is used by default. A different source directory on the host can be specified with <option>-s</option> and a path, or set with <varname>ezjail_sourcetree</varname> in <filename>/usr/local/etc/ezjail.conf</filename>.
The basejail's ports tree is shared by other jails. However, downloaded distfiles are stored in the jail that downloaded them. By default, these files are stored in <filename>/var/ports/distfiles</filename> within each jail. <filename>/var/ports</filename> inside each jail is also used as a work directory when building ports.
The <acronym>FTP</acronym> protocol is used by default to download packages for the installation of the basejail. Firewall or proxy configurations can prevent or interfere with <acronym>FTP</acronym> transfers. The <acronym>HTTP</acronym> protocol works differently and avoids these problems. It can be chosen by specifying a full <acronym>URL</acronym> for a particular download mirror in <filename>/usr/local/etc/ezjail.conf</filename>:
See <xref linkend="mirrors-ftp"/> for a list of sites.
Creating and Starting a New Jail
New jails are created with <command>ezjail-admin create</command>. In these examples, the <literal>lo1</literal> loopback interface is used as described above.
Create and Start a New Jail
Create the jail, specifying a name and the loopback and network interfaces to use, along with their <acronym>IP</acronym> addresses. In this example, the jail is named <literal>dnsjail</literal>.
<prompt>#</prompt> <userinput>ezjail-admin create <replaceable>dnsjail</replaceable> '<replaceable>lo1|</replaceable>,<replaceable>em0</replaceable>|<replaceable></replaceable>'</userinput>
Most network services run in jails without problems. A few network services, most notably <citerefentry><refentrytitle>ping</refentrytitle><manvolnum>8</manvolnum></citerefentry>, use <emphasis>raw network sockets</emphasis>. In jails, raw network sockets are disabled by default for security. Services that require them will not work.


No matching activity found.

Browse all component changes

Source information

Source string comment
(itstool) path: step/title
Source string location
String age
a year ago
Source string age
a year ago
Translation file
books/handbook.pot, string 5016