The FreeBSD Diary

Providing practical examples since 1998

 ezjail and natd
Author: Salvor Hardin 
Date:   07-07-08 22:04

Good article. Ezjail is incredibly useful. I combine it with NATD to create a bunch of jails all accessible through one public IP address. I encode each jail's unique ports in the last octet of the private IP address space, using NATD directives like this:

log yes

# JAIL 10
redirect_port tcp 192.168.9.10:22 1022
redirect_port tcp 192.168.9.10:80 1080

# JAIL 11
redirect_port tcp 192.168.9.11:22 1122
redirect_port tcp 192.168.9.11:80 1180
redirect_port tcp 192.168.9.11:443 11443

Each jail's services are on unique ports, using URLs like https://www.example.com:11443/, for example, and ssh -p 1122. The only problem I have had is that some of our large corporate clients block all incoming and outgoing ports above 999. Baffling, but true!

Ezjail and natd help us leverage a single inexpensive server to host 35 development environments. Very cool!

The numbering scheme limits me to 56 jails, because port numbers top out at 65535, making 65443 the highest available https port. We've never come close to topping that out, so this works very well for us.
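The numbering scheme described in the post above, as an added example that is not part of the original post: a Python generator that emits the `redirect_port` lines and flags public ports that exceed 65535 or that two jails would share. The function names and the sample jail table are hypothetical; the collision check goes beyond what the post covers.

```python
import sys

JAIL_NET = "192.168.9"  # private prefix taken from the post
MAX_PORT = 65535        # highest valid TCP port


def public_port(octet, service_port):
    """Concatenate jail octet and service port, e.g. 11 and 443 -> 11443."""
    return int(f"{octet}{service_port}")


def build_rules(jails):
    """Map {last_octet: [service ports]} to (natd config lines, problems)."""
    lines, problems, seen = ["log yes"], [], {}
    for octet in sorted(jails):
        if not 1 <= octet <= 254:
            problems.append(f"jail {octet}: not a usable host octet")
            continue
        lines += ["", f"# JAIL {octet}"]
        for svc in jails[octet]:
            target = f"{JAIL_NET}.{octet}:{svc}"
            port = public_port(octet, svc)
            if port > MAX_PORT:
                # e.g. jail 66 with https would need port 66443
                problems.append(f"{target}: public port {port} exceeds {MAX_PORT}")
            elif port in seen:
                # concatenation is ambiguous: 10+443 and 104+43 are both 10443
                problems.append(
                    f"{target}: public port {port} already redirects to {seen[port]}"
                )
            else:
                seen[port] = target
                lines.append(f"redirect_port tcp {target} {port}")
    return lines, problems


if __name__ == "__main__":
    # Constructed sample table: two jails from the post plus one out of range.
    sample = {10: [22, 80], 11: [22, 80, 443], 66: [443]}
    rules, issues = build_rules(sample)
    print("\n".join(rules))
    for issue in issues:
        print("WARNING:", issue, file=sys.stderr)
```

Reviewing the warnings before loading the generated file keeps an ambiguous or invalid mapping out of the live NAT table.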


