Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
FreeBSD Droplet no IP Adress Question Question
DNS A record not redirect to public static IP. Already 4 days ago i was create A record but not working Question Question

Question

How do I know what IP to assign to my FreeBSD jail to avoid conflicts?

Posted July 24, 2017 7.3k views
Getting StartedNetworkingDNSFreeBSD

So I am trying to install a Nextcloud instance inside a FreeBSD jail. The domain I have chosen is pointing at the host FreeBSD instance inside which I want to spin up a FreeBSD jail and in order to do that I have to assign my jail an IP address.

My question is how to provide a safe enough IP address so as to get up and running and also to get my domain name to point at the running jail instead of the host OS.

Add a comment
sranvir155
By:
sranvir155

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
FreeBSD Droplet no IP Adress Question Question
DNS A record not redirect to public static IP. Already 4 days ago i was create A record but not working Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
mzs114 July 24, 2017

For using a internal private subnet series, you can stick to the common private IP ranges that start with 192. 172. and 10. [1]
If you have enabled private IP for the droplet, just make sure that you choose a series different from the droplet private IP.

Next, the domain will still be pointing to host IP, what you can do is forward packets (using NAT) which arrive on socket - combination of host IP and TCP 80, to internal private IP plus any arbitrary port on where the service is listening in the jail(lets say 8000, or 8080, etc).

RequestfromInternet => host:80 => jailIP:xxxx

To configure the above you will need to work with PF and make the host act as a gateway, following blog has demonstrated basic concept(the last config example) on making NAT work, on top of this you will need to modify PF config to do port forwarding.

https://kgibran.wordpress.com/2016/01/10/internet-connectivity-to-jails-on-freebsd/

[1]
https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces

Reply Report
chriswells July 25, 2017

I set my jails up in a similar way, but I use a cloned loopback interface rather than an IP on an external interface. Since 127.0.0.0/8 (127.*.*.*) is reserved for the loopback address, you can use any address in that range (just don’t use the commonly used 127.0.0.1). I prefer to reserve 127.1.0.0/16 (127.1.*.*) for jails, so I could use the 3rd octet to logically/mentally group them if needed (e.g., by purpose or function). This approach “feels right” to me since it keeps local services on local IP addresses.

Add to /etc/rc.conf:

# Jails:
ezjail_enable="YES"
cloned_interfaces="${cloned_interfaces} lo1"
ifconfig_lo1="inet 127.1.0.0/16"

Bring up the cloned interface: sudo service netif cloneup

Add to /etc/pf.conf:

ext_if="vtnet0"
jail_if="lo1"
jail_net=$jail_if:network
www_jail="127.1.1.1"
www_ports="{ 80, 443 }"
nat on $ext_if from $jail_net to any -> ($ext_if)
rdr pass on $ext_if inet proto tcp to port $www_ports -> $www_jail

Create and start your jail:

sudo ezjail-admin create www 'lo1|127.1.1.1'
sudo ezjail-admin start www

The rest (such as installing ezjail) should be typical setup/config.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help