Jail (PfJailCtl pkg) on pfsense 2
-
I'w read topics about jail in pfsense 2, but they are already locked:
"pfJailCtl and jail_template on 2.0RC1" http://forum.pfsense.org/index.php/topic,35382.0.html
"jail on pfsense 2.0" http://forum.pfsense.org/index.php/topic,40205.0.htmlAny chance that somone, who successfully got a working PfJailCtl package (with GUI) on pfsense 2.0 (package version for 1.2.3 is broken) can make it into packages for all other users to use? Or at least do some detailed HOW TO on this forum, how to make it all work.
On the other hand, there are people, who like ezjail more. Is it possible to integrate it into pfsense 2.0 GUI? Or at least how to install it into pfsense box. I'm total beginner in FreeBSD.
-
Yeoman,
PfJailCtl is broken for a long time.
I really suggest an ezjail install.There is no gui for ezjail yet.
You will need to install freebsd packages and configure your jails by hand.
here are the cmd to install ezjail freebsd package on pfsense
i386
pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/ezjail.tbzamd64
pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/packages/Latest/ezjail.tbzA quick search on google can help you on ezjail setup
This doc is in portuguese, but all yellow cmd's are in english ;)
http://www.fug.com.br/content/view/365/60/A guide you can use starting on step2
http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/ -
Thanks for fast and nice replay.
By default pfsense 2 don't have /usr/ports/ and don't have anywhere directory named sysutils. I can just mkdir them and then "make install clean" in there?
I feel bad for such a newbie questions :(
-
You do not need to compile from ports, Pkg_add is just like apt-get or yum from linux.
Just install package with instructions above.
Just like i told you on first post, jump to step 2 of second tutorial.
-
Just like i told you on first post, jump to step 2 of second tutorial.
Ohh, in that guide there are 2 times second step, that's why i dont get it at beginning, sorry.
-
I still use pfJailCtl GUI on 2.0.1 and it's capable to start my jail on boot. Of course it needed additional work to make it run smoothly:
1. Turn on the debug in the GUI.
2. Configure jail and push Create which of course would not work, just copy script from debug output.
3. Replace sysinstall installed by the packet (from FreeBSD 7) with FreeBSD 8.1 version.
4. Modify script from §3 according to your needs, remember to change FreeBSD release to something 8-tish ie I used 8.2, turn ssh if you wish - remember to change port because otherwise pfSense and jail ssh would not be distinguishable.
5. Run your script from shell.
6. Boot jail from GUI.
I successfully share SMB from jail, which I know is not too great idea on firewall, but it save me one box @home and it's a bit safer than sharing directly from pfsense. I also managed to run vnc to xfce4 on xvbf in the jail. If someone would need such functionality I shall share this result.