■Assign a lo0 address to a jail in a qjail environment on FreeBSD 10.1-RC4.
ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
■On the host side, lo0 naturally has the IP "127.0.0.1" assigned.
$ ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
■Edit the IP settings from the host side
$ sudo qjail stop qjail001
Jail successfully stopped qjail001
$ sudo qjail config -4 "192.168.100.1,lo0|127.0.0.2" qjail001
Successful ip change qjail001
$ sudo qjail start qjail001
Jail successfully started qjail001
■Log in to the jail and verify
$ ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.2 netmask 0xffffffff
■Install nmap on the host and verify
$ su root -c 'pkg install -y nmap'
$ sudo nmap -sT 127.0.0.2
Starting Nmap 6.47 ( http://nmap.org ) at 2014-11-22 23:55 JST
Nmap scan report for 127.0.0.2
Host is up (0.00011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
199/tcp open smux
Nmap done: 1 IP address (1 host up) scanned in 13.22 seconds
$ sudo nmap -sT 192.168.100.1
Starting Nmap 6.47 ( http://nmap.org ) at 2014-11-22 23:56 JST
Nmap scan report for 192.168.100.1
Host is up (0.00011s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
199/tcp open smux
Nmap done: 1 IP address (1 host up) scanned in 13.05 seconds
■Configure localhost for the jail
$ sudo qjail console qjail001
qjail001 /root >sh
127.0.0.2 localhost localhost.localdomain
192.168.100.1 qjail001 qjail001.localdomain
■SSH into the jail itself via localhost
$ sudo qjail console qjail001
ListenAddress 127.0.0.2
ListenAddress 192.168.100.1
netstat: kvm not available: /dev/mem: No such file or directory
tcp4 0 0 127.0.0.2.22 *.* LISTEN
tcp4 0 0 192.168.100.1.22 *.* LISTEN
Password:
$ exit
■Make lo0 usable on the host side as well.
$ grep "^ListenAddress" /etc/ssh/sshd_config
ListenAddress 127.0.0.1
ListenAddress 172.16.115.128
$ sudo service sshd restart
$ netstat -an | grep ".22 "
tcp4 0 0 127.0.0.1.22 *.* LISTEN
tcp4 0 0 172.16.115.128.22 *.* LISTEN
tcp4 0 0 127.0.0.2.22 *.* LISTEN
tcp4 0 0 192.168.100.1.22 *.* LISTEN
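Added example, not part of the original page: a shell function that reads `netstat -an` output in the format shown above and labels each listener on a port as bound to a host address, a jail address, or the wildcard `*`, to confirm after editing `ListenAddress` that every sshd socket is tied to an explicit address. The function names and the sample lines are constructed for illustration; the jail addresses are the ones configured on this page.

```sh
#!/bin/sh
# Added example (not from the original page).
# classify_listeners PORT "JAIL_IP ..."  < `netstat -an` output
# Prints "<address> <class>" for each LISTEN socket on PORT, where class is
# "wildcard" (bound to *), "jail" (address is in the list) or "host".
classify_listeners() {
    awk -v port="$1" -v jails="$2" '
        BEGIN { n = split(jails, j, " "); for (i = 1; i <= n; i++) isjail[j[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # FreeBSD prints the local end as address.port (field 4);
            # the port is whatever follows the last dot.
            p = $4;    sub(/^.*\./, "", p)
            addr = $4; sub(/\.[^.]*$/, "", addr)
            if (p != port) next
            if (addr == "*")          class = "wildcard"
            else if (addr in isjail)  class = "jail"
            else                      class = "host"
            print addr, class
        }'
}

# count_wildcards PORT < `netstat -an` output: number of wildcard listeners.
count_wildcards() {
    classify_listeners "$1" "" | awk '$2 == "wildcard" { c++ } END { print c + 0 }'
}

# Constructed sample: the four sshd listeners shown on this page.
SAMPLE_BOUND='tcp4 0 0 127.0.0.1.22 *.* LISTEN
tcp4 0 0 172.16.115.128.22 *.* LISTEN
tcp4 0 0 127.0.0.2.22 *.* LISTEN
tcp4 0 0 192.168.100.1.22 *.* LISTEN'

# Constructed sample: what a host sshd without ListenAddress lines looks like.
SAMPLE_WILD='tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 127.0.0.2.22 *.* LISTEN
tcp4 0 0 127.0.0.1.25 *.* LISTEN'

printf '%s\n' "$SAMPLE_BOUND" | classify_listeners 22 "127.0.0.2 192.168.100.1"
printf 'wildcard listeners on 22 (second sample): %s\n' \
    "$(printf '%s\n' "$SAMPLE_WILD" | count_wildcards 22)"
```

On a live host, feed it real data with `netstat -an | classify_listeners 22 "127.0.0.2 192.168.100.1"`.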
■SSH from the host side to the jail's lo0.
$ ssh 127.0.0.2
Password for labunix@qjail001:
Last login: Sun Nov 23 00:05:28 2014 from localhost
FreeBSD 10.1-RC4-p1 (GENERIC)
Welcome to your FreeBSD jail.
[( jail ) qjail001:/usr/home/labunix]$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
127.0.0.2 link#2 UH lo0
192.168.100.1 link#1 UHS lo0
[( jail ) qjail001:/usr/home/labunix]$ ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:0c:29:b1:7b:4a
inet 192.168.100.1 netmask 0xffffffff broadcast 192.168.100.1
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
■Configure a proxy on the jail side
$ tail -4 /etc/profile | sed s/"[0-9]"/"X"/g
export HTTP_PROXY="http://XXX.XX.XX.XX:XXXX"
export FTP_PROXY="http://XXX.XX.XX.XX:XXXX"
export http_proxy="http://XXX.XX.XX.XX:XXXX"
export ftp_proxy="http://XXX.XX.XX.XX:XXXX"
■Log in again and run the pkg command
[( jail ) qjail001:/usr/home/labunix]$ su root -c 'pkg install -y w3m'
$ w3m -dump http://google.co.jp | grep "[Google"
[Google 検索][I'm Feeling Lucky]