Author: Salvor Hardin
Date: 07-07-08 22:04
Good article. Ezjail is incredibly useful. I combine it with NATD to create a bunch of jails all accessible through one public IP address. I encode each jail's unique ports in the last octet of the private IP address space, using NATD directives like this:
log yes
# JAIL 10
redirect_port tcp 192.168.9.10:22 1022
redirect_port tcp 192.168.9.10:80 1080
# JAIL 11
redirect_port tcp 192.168.9.11:22 1122
redirect_port tcp 192.168.9.11:80 1180
redirect_port tcp 192.168.9.11:443 11443
Each jail's services are on unique ports, using URLs like https://www.example.com:11443/, for example, and ssh -p 1122. The only problem I have had is that some of our large corporate clients block all incoming and outgoing ports above 999. Baffling, but true!
Ezjail and natd help us leverage a single inexpensive server to host 35 development environments. Very cool!
The numbering scheme limits me to 56 jails, because port numbers top out at 65535, making 65443 the highest available https port. We've never come close to topping that out, so this works very well for us.
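The numbering scheme described in the comment above, as an added example that is not part of the original comment: a small generator that emits the `redirect_port` lines and refuses to produce a config when a mapped port overflows 65535 or collides with one already assigned. The function names, the fixed service list and the starting octet of 10 are assumptions for illustration.

```python
# Added example: builds natd redirect_port lines from the comment's scheme
# (public port = jail's last octet followed by the service port).
# Helper names, SERVICES and the starting octet are illustrative assumptions.

PRIVATE_NET = "192.168.9"     # private prefix used in the comment
SERVICES = (22, 80, 443)      # service ports that appear in the comment
MAX_PORT = 65535              # highest valid TCP port


def public_port(octet, service_port):
    """Concatenate octet and service port as digits: 11 and 443 -> 11443."""
    return int(f"{octet}{service_port}")


def natd_rules(octets, services=SERVICES):
    """Return natd.conf lines; raise ValueError on overflow or collision."""
    seen = {}                 # public port -> (octet, service) that owns it
    lines = ["log yes"]
    for octet in octets:
        if not 1 <= octet <= 254:
            raise ValueError(f"octet {octet} is not a usable host address")
        lines.append(f"# JAIL {octet}")
        for svc in services:
            port = public_port(octet, svc)
            if port > MAX_PORT:
                raise ValueError(f"jail {octet}: port {port} exceeds {MAX_PORT}")
            if port in seen:
                raise ValueError(
                    f"jail {octet}: port {port} already mapped to {seen[port]}")
            seen[port] = (octet, svc)
            lines.append(
                f"redirect_port tcp {PRIVATE_NET}.{octet}:{svc} {port}")
    return lines


def usable_octets(services=SERVICES, first=10):
    """Octets from `first` up whose every mapped port fits in 16 bits."""
    return [o for o in range(first, 255)
            if all(public_port(o, s) <= MAX_PORT for s in services)]


if __name__ == "__main__":
    print("\n".join(natd_rules([10, 11])))
    print(len(usable_octets()), "jails fit the scheme")
```

The collision check matters once service ports of different lengths are mixed: octet 10 with port 22 and octet 102 with port 2 would both map to 1022.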