Netgate Discussion Forum

    Jail on pfsense 2.0

    marcelloc

      Does anybody use or plan to use jail on pfsense?

      It's very useful to run/compile FreeBSD packages without reducing pfSense security.

      I've tried the jailctl package but it seems to be broken on 2.0 (i386 and amd64).

      Ezjail works fine for me in 2.0. I could replace the jailctrl package with ezjail, but first I need to know if it is used by anybody.

        jimp (Rebel Alliance Developer, Netgate)

        I prefer to keep things in separate VMs on the firewall if things must be combined, but jails are good. (There are ways to break out of jails though, search even this forum for some lengthy debates on security)

        When I use jails myself on other FreeBSD hosts I prefer to use ezjail.

          Sn3ak

          I have just upgraded two 1.2.3 boxes to 2.0, with jails, and those are working correctly.

          But you are correct. The jail package has not been updated for 2.0 yet. It's still trying to fetch
          7.0-Release, which has been moved to ftp-archive on the FreeBSD servers… So it's unfetchable.

          I have some patches to use a newer sysinstall, use FreeBSD 8.1-Release, however I am still stuck
          with a new documentation prompt in sysinstall, which causes the automatic load to fail.  Unfortunately
          the sysinstall people don't like documentation much (which I believe they themselves made claim to)
          and I haven't had a chance to try and dig through the source code to see how to disable this prompt.

          Put that all aside, I have a few friends happily running on 2.0-Beta + which I helped them hack up the
          jail package on, and other than needing to manually run the script/accept the documentation prompt,
          it's working well for them. One noticed that using the nullfs/unionfs image on a high load system caused
          hard locks though.

          Hopefully now that I have a few pfsense boxes that I manage running 2.0-Release, I'll be more likely to
          figure out the remaining issues and submit patches.

            marcelloc

            Thanks for your reply.

            ezjail is working much better than pfjctrl.

            If you are doing patches, it means that you know what you are doing.

            Back up your VMs, uninstall pfjctrl and install ezjail.

            ezjail-admin will help you create new virtual machines with FreeBSD 8.1.

            Follow the ezjail build steps on a FreeBSD 8.1-p4 and you will have the same version on pfSense and the jails.

            As pfSense 2 has been released, there is no problem with migrating pfjctrl to ezjail.

            I'll try to start it soon.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.