Apache im Jail

# Host side: install ezjail from the ports tree using portmaster.
portmaster sysutils/ezjail
# Populate the shared base jail; -b runs a buildworld before installing it.
ezjail-admin update -b
# Create a jail named "www" bound to 192.168.0.2. This address lies in the
# 192.168.0.1-9 range put on lo1 in the host's rc.conf below, so the jail
# is only reachable from outside through the pf rdr rule.
ezjail-admin create www 192.168.0.2
# Copy the host's resolver configuration into the jail's /etc so that name
# resolution works inside it.
cp /etc/resolv.conf /usr/jails/www/etc
#/etc/rc.conf
# Host settings for running jails on a private loopback network.
# -s given twice: syslogd opens no network socket at all, so the host's
# syslogd does not listen on the addresses that belong to the jails.
syslogd_flags="-s -s"
# Create a second loopback interface (lo1) to carry the jail addresses.
cloned_interfaces="lo1"
# Start the ezjail-managed jails at boot.
ezjail_enable="YES"
# Put the addresses 192.168.0.1 through 192.168.0.9 (/24) on lo1.
ipv4_addrs_lo1="192.168.0.1-9/24"

#/usr/jails/www/etc/rc.conf
# rc.conf of the www jail itself.
# NOTE(review): 10.10.10.1 is outside the 192.168.0.0/24 jail network used
# everywhere else on this page, and a jail that shares the host's network
# stack cannot change the routing table, so this line is likely ignored
# — confirm before relying on it.
defaultrouter="10.10.10.1"
# Start Apache when the jail boots.
apache_enable="YES"
# NOTE(review): "YES" runs the sendmail daemon with an inbound SMTP
# listener inside the jail. The pf rules on this page forward only ports
# 80 and 443 from outside, but the host and other jails can still reach it.
# If the web jail only needs to send mail, the listener is avoidable
# attack surface — confirm the intent.
sendmail_enable="YES"
#/etc/pf.conf
# Macros: public address of the host, address of the www jail, the private
# jail network, and the TCP ports forwarded to the jail.
IP_PUB="213.239.220.21"
IP_JAIL_WWW="192.168.0.2"
NET_JAILS="192.168.0.0/24"
PORT_JAIL="{80,443}"

# Normalize all incoming packets.
scrub in all

# NOTE(review): the nat rule names rl0 and the rdr rule names em0. If the
# host has a single external interface carrying $IP_PUB, both rules should
# name that interface — confirm which one is correct.
# NOTE(review): the "pass" modifier on nat/rdr lets translated packets skip
# filter-rule evaluation, and no block/pass filter rules appear in this
# excerpt, so nothing visible here restricts what the jails may send out or
# what else reaches the host. Consider a default-deny filter section.
# Outbound: source-NAT traffic from the jail network to the public address.
nat pass on rl0 from $NET_JAILS to any -> $IP_PUB
# Inbound: forward TCP 80/443 arriving for the public address to the www jail.
rdr pass on em0 proto tcp from any to $IP_PUB port $PORT_JAIL -> $IP_JAIL_WWW
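# Host side: give the www jail access to the host's ports tree.
# The directory that is recreated must be the one mount_nullfs mounts onto
# (/usr/jails/www/usr/ports). The original recreated /usr/jails/www/ports,
# which is never used as a mount point.
# Do not re-run the rm while the nullfs mount is active: rm -rf would
# descend through the mount and delete the host's /usr/ports.
# NOTE(review): the mount is read-write, so root inside the jail can modify
# the host's ports tree. A tighter setup mounts it with -o ro and points
# WRKDIRPREFIX and DISTDIR in the jail's /etc/make.conf at jail-local
# directories.
rm -rf /usr/jails/www/usr/ports &&
  mkdir -p /usr/jails/www/usr/ports &&
  mount_nullfs /usr/ports /usr/jails/www/usr/ports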
# List the running jails. $ID below is not set anywhere on this page;
# presumably it is the JID that jls prints for the www jail, filled in by
# hand — TODO confirm.
jls
# Set the root password inside the jail (interactive).
jexec $ID passwd
# Create a user account inside the jail (interactive).
jexec $ID adduser
# Open a shell inside the jail.
jexec $ID sh
# Presumably typed at the jail shell opened above, not on the host: build
# and install Apache 2.4 from the nullfs-mounted ports tree, then clean up.
cd /usr/ports/www/apache24 && make install clean
