In order to enable a firewall for the jail I have been experimenting with copying kernel modules to /boot/kernel on the host.
FreeNAS does not include a firewall with the host, therefore it is also not available for the jail.
FreeNAS has ipfw command tool, therefore it would make sense to first try including ipfw as the firewall of choice.
I installed FreeBSD on a virtual machine by following the Guide: How to Build FreeNAS (Part 2: Install and Build FreeNAS).
Then I copied the missing kernel modules to the FreeNAS host (scp module to /tmp, then mount -uw /, then copy to /boot/kernel, chmod 555 module)
Those modules were:
- ipfw.ko
- ipfw_nat.ko
- libalias.ko (needed for ipfw)
The recommended way to load ipfw is the following command (you need the part after && otherwise you will loose access to your host)
kldload ipfw && ipfw -q add 65000 allow all from any to any
I have been able to load other kernel modules that I needed for the jail but ipfw so far does not work:
kldload: can't load ipfw: Exec format error
The terminal console shows
linker_lib_elf: symbol ip_fw_ctl_ptr undefined
linker_load file: Unsupported file type
Does that mean I will need a custom build of FreeNAS or am I missing a *.ko.symbol file in /boot/kernel?
If a custom build is necessary what file/option on the FreeNAS development machine needs to be changed to include ipfw?
Urs
FreeNAS does not include a firewall with the host, therefore it is also not available for the jail.
FreeNAS has ipfw command tool, therefore it would make sense to first try including ipfw as the firewall of choice.
I installed FreeBSD on a virtual machine by following the Guide: How to Build FreeNAS (Part 2: Install and Build FreeNAS).
Then I copied the missing kernel modules to the FreeNAS host (scp module to /tmp, then mount -uw /, then copy to /boot/kernel, chmod 555 module)
Those modules were:
- ipfw.ko
- ipfw_nat.ko
- libalias.ko (needed for ipfw)
The recommended way to load ipfw is the following command (you need the part after && otherwise you will loose access to your host)
kldload ipfw && ipfw -q add 65000 allow all from any to any
I have been able to load other kernel modules that I needed for the jail but ipfw so far does not work:
kldload: can't load ipfw: Exec format error
The terminal console shows
linker_lib_elf: symbol ip_fw_ctl_ptr undefined
linker_load file: Unsupported file type
Does that mean I will need a custom build of FreeNAS or am I missing a *.ko.symbol file in /boot/kernel?
If a custom build is necessary what file/option on the FreeNAS development machine needs to be changed to include ipfw?
Urs