pfSense Gold Subscription

Author Topic: jail (PfJailCtl pkg) on pfsense 2  (Read 2220 times)

0 Members and 1 Guest are viewing this topic.

Offline Yeoman

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
jail (PfJailCtl pkg) on pfsense 2
« on: January 27, 2012, 06:55:56 pm »
I'w read topics about jail in pfsense 2, but they are already locked:
"pfJailCtl and jail_template on 2.0RC1" http://forum.pfsense.org/index.php/topic,35382.0.html
"jail on pfsense 2.0" http://forum.pfsense.org/index.php/topic,40205.0.html

Any chance that somone, who successfully got a working PfJailCtl package (with GUI) on pfsense 2.0 (package version for 1.2.3 is broken) can make it into packages for all other users to use? Or at least do some detailed HOW TO on this forum, how to make it all work.

On the other hand, there are people, who like ezjail more. Is it possible to integrate it into pfsense 2.0 GUI? Or at least how to install it into pfsense box. I'm total beginner in FreeBSD.
« Last Edit: January 27, 2012, 07:05:40 pm by Yeoman »

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: jail (PfJailCtl pkg) on pfsense 2
« Reply #1 on: January 27, 2012, 07:49:05 pm »
Yeoman,

PfJailCtl is broken for a long time.
I really suggest an ezjail install.

There is no gui for ezjail yet.

You will need to install freebsd packages and configure your jails by hand.

here are the cmd to install ezjail freebsd package on pfsense


i386
pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/ezjail.tbz

amd64
pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/packages/Latest/ezjail.tbz

A quick search on google can help you on ezjail setup
This doc is in portuguese, but all yellow cmd's are in english  ;)
http://www.fug.com.br/content/view/365/60/

A guide you can use starting on step2
http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail/

« Last Edit: January 27, 2012, 07:55:24 pm by marcelloc »

Offline Yeoman

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: jail (PfJailCtl pkg) on pfsense 2
« Reply #2 on: January 27, 2012, 08:38:44 pm »
Thanks for fast and nice replay.

By default pfsense 2 don't have /usr/ports/ and don't have anywhere directory named sysutils. I can just mkdir them and then "make install clean" in there?

I feel bad for such a newbie questions :(

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: jail (PfJailCtl pkg) on pfsense 2
« Reply #3 on: January 27, 2012, 08:47:24 pm »
You do not need to compile from ports, Pkg_add is just like apt-get or yum from linux.

Just install package with instructions above.

Just like i told you on first post, jump to step 2 of second tutorial.

Offline Yeoman

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: jail (PfJailCtl pkg) on pfsense 2
« Reply #4 on: January 27, 2012, 09:06:10 pm »
Just like i told you on first post, jump to step 2 of second tutorial.
Ohh, in that guide there are 2 times second step, that's why i dont get it at beginning, sorry.

Offline robo

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: jail (PfJailCtl pkg) on pfsense 2
« Reply #5 on: January 28, 2012, 04:51:54 am »
I still use pfJailCtl GUI on 2.0.1 and it's capable to start my jail on boot. Of course it needed additional work to make it run smoothly:
1.  Turn on the debug in the GUI.
2. Configure jail and push Create which of course would not work, just copy script from debug output.
3. Replace sysinstall installed by the packet (from FreeBSD 7) with FreeBSD 8.1 version.
4. Modify script from §3 according to your needs, remember to change FreeBSD release to something 8-tish ie I used 8.2, turn ssh if you wish - remember to change port because otherwise pfSense and jail ssh would not be distinguishable.
5. Run your script from shell.
6. Boot jail from GUI.
I successfully share SMB from jail, which I know is not too great idea on firewall, but it save me one box @home and it's a bit safer than sharing directly from pfsense. I also managed to run vnc to xfce4 on xvbf in the jail. If someone would need such functionality I shall share this result.