ezjail (sysutils/ezjail)をインストール
root@a:~ # pkg add /var/ports/packages/All/ezjail-3.4.2_1.pkg
ezjail環境を構築
root@a:~ # ezjail-admin update -i
root@a:~ # cp /usr/jails/basejail/usr/share/zoneinfo/Asia/Tokyo /usr/jails/newjail/etc/localtime
root@a:~ # cp /etc/resolv.conf /usr/jails/newjail/etc
jailツリー(/usr/jails/ns)の生成
root@a:~ # ezjail-admin create ns 192.168.1.1
SSHローカルIPの設定
root@a:~ # diff -u /usr/jails/ns/etc/ssh/sshd_config.org /usr/jails/ns/etc/ssh/sshd_config
--- /usr/jails/ns/etc/ssh/sshd_config.org 2023-03-06 10:00:52.994151000 +0900
+++ /usr/jails/ns/etc/ssh/sshd_config 2023-03-06 10:01:50.154626000 +0900
@@ -15,7 +15,7 @@
 #Port 22
 #AddressFamily any
-#ListenAddress 0.0.0.0
+ListenAddress 192.168.1.1
 #ListenAddress ::
 #HostKey /etc/ssh/ssh_host_rsa_key
root@a:~ #
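Review bot: `ListenAddress 192.168.1.1` pins sshd to an address that, according to the /usr/local/etc/ezjail/ns hunk below, is only assigned by `jail_ns_exec_poststart0`–`2` (move epair1a into the vnet, then `jexec ns /sbin/ifconfig epair1a 192.168.1.1/24`), whereas sshd is launched by `jail_ns_exec_start="/bin/sh /etc/rc"`; if ezjail passes these through as jail(8)'s exec.start and exec.poststart, the address does not exist yet when sshd binds, its only listen address fails and sshd exits, so the jail boots without SSH until someone restarts it by hand. A more robust arrangement is to have the interface inside the vnet before `/etc/rc` runs (jail(8)'s `vnet.interface` parameter, if ezjail passes `jail_ns_parameters` through unchanged) and to configure it from the jail's own rc.conf with `ifconfig_epair1a="inet 192.168.1.1/24"` and `defaultrouter="192.168.1.254"`, so the explicit ListenAddress is valid at bind time. Setting only the IPv4 address while `#ListenAddress ::` stays commented out also means sshd listens on no IPv6 address at all, which matches the jail having only link-local and loopback IPv6 at L39–40 and is fine if intended.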
起動スクリプト(/usr/local/etc/ezjail/ns)の設定
root@a:~ # diff -u /usr/local/etc/ezjail.org/ns /usr/local/etc/ezjail/ns
--- /usr/local/etc/ezjail.org/ns 2023-03-06 09:59:04.441797000 +0900
+++ /usr/local/etc/ezjail/ns 2023-03-06 16:28:04.473914000 +0900
@@ -7,7 +7,7 @@
 #
 export jail_ns_hostname="ns"
-export jail_ns_ip="192.168.1.1"
+export jail_ns_interface="epair1a"
 export jail_ns_rootdir="/usr/jails/ns"
 export jail_ns_exec_start="/bin/sh /etc/rc"
 export jail_ns_exec_stop=""
@@ -25,6 +25,12 @@
 export jail_ns_cpuset=""
 export jail_ns_fib=""
 export jail_ns_parentzfs=""
-export jail_ns_parameters=""
+export jail_ns_parameters="enforce_statfs=1; allow.mount.devfs; allow.mount; allow.mount.procfs;"
+export jail_ns_socket_unixiproute_only="NO"
 export jail_ns_post_start_script=""
 export jail_ns_retention_policy=""
+export jail_ns_exec_prestart0="ifconfig epair1 create up"
+export jail_ns_exec_poststart0="ifconfig epair1a vnet ns"
+export jail_ns_exec_poststart1="jexec ns /sbin/ifconfig epair1a 192.168.1.1/24"
+export jail_ns_exec_poststart2="jexec ns /sbin/route add default 192.168.1.254"
+export jail_ns_exec_poststop0="ifconfig epair1a destroy"
root@a:~ #
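Review bot: The new `jail_ns_parameters` line grants `allow.mount`, `allow.mount.devfs` and `allow.mount.procfs` and relaxes `enforce_statfs` from its default of 2 to 1 (mount points below the jail root become visible), and `jail_ns_socket_unixiproute_only="NO"` lifts the default restriction of sockets to the UNIX/IP/route families; none of these is required for a nameserver jail whose networking is a single vnet interface, and together they widen what a compromised process in `ns` can see, mount and open. Unless a specific service inside the jail demands one of them, keep `export jail_ns_parameters=""` and drop the `socket_unixiproute_only` line, adding individual allow.* parameters back only with a comment naming the service that needs them. The `ping: sendto: Permission denied` (EACCES) at L54, seen after the interface and routes were installed correctly at L23–50, is not something these allow.* parameters address — it is consistent with a packet filter inside the jail's vnet or on the host refusing the traffic, so check that before granting more privileges; which filter it is cannot be confirmed from this page.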
いざJail環境(ns)を起動
root@a:~ # service ezjail start
起動はするも,nsは完全に"jail"だった;-(
root@a:~ # jls
JID IP Address Hostname Path
1 ns /usr/jails/ns
root@a:~ # jexec 1 tcsh
root@ns:/ # cd
root@ns:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.254 UGS epair1a
127.0.0.1 link#7 UH lo0
192.168.1.0/24 link#5 U epair1a
192.168.1.1 link#5 UHS lo0
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#7 UHS lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
fe80::/10 ::1 UGRS lo0
fe80::%lo0/64 link#7 U lo0
fe80::1%lo0 link#7 UHS lo0
ff02::/16 ::1 UGRS lo0
root@ns:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair1a: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:6f:cc:60:29:0a
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@ns:~ # ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
^C
--- 192.168.1.254 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
root@ns:~ #