Jails - How To

For FreeNAS, NAS4Free and pfSense.


Create a new jail

# Enter the finch chroot environment, as root
sudo finch chroot

# Read the page "jail-ip-addresses" before choosing a jail IP address

# Set a matching ip address for the jail's 'lo0' ifconfig device (for localhost)

# Give an appropriate server name to your jail

# Create a basic jail, with local console access
qjail create -4 "$jail_ip,$jail_loopback" "$jailname"

# Enable unix sockets
qjail config -k "$jailname"

Login for the first time

# Start the jail
qjail start "$jailname"

# Login to our new jail as root
qjail console "$jailname"

# (optional) set the root password

Example: Install a webserver

# Update local pkgng database, to avoid 'failed checksum' for 'pkg install'
pkg update -f

# Either a) install with pkg-ng
ASSUME_ALWAYS_YES="yes" pkg install "nginx"    

# Or b) compile from the ports tree
cd "/usr/ports/www/nginx" && make "config-recursive" "install" "clean"

# Enable nginx rc.d service inside the jail
sysrc "nginx_enable=YES"

# Exit from the jail

# Restart the nginx jail - should start the nginx rc.d script
qjail restart "$jailname"

# Check that nginx is running
fetch -o - "http://$jail_ip" # or open "http://$jail_ip" in a web brower

What next ?