VMs | diyIT
VMs leverage bhyve

These currently run natively on the host system instead of inside a jail, which gives more flexibility in network connectivity.

Run VMs in a special jail

Current VMs:

  • FreePBX/Asterisk 15
  • Windows 10 Enterprise N LTSC 1809 - gaming proxy
  • Linux Ubuntu 18.04 - docker deployment
  • Windows Server 2019 DC - docker deployment, hmailserver, openvms emulation
  • FreeBSD 12.1-RELEASE
  • Kali 2020.2


```sh
# Parameters passed to the jail creation script
export JAIL=vm
export JAILHOSTNAME=vm
export JAILDOMAIN=ahlawat.com
export JAILIP=89
export JAILUSER=X
export JAILUSERID=1000
export JAILUSERVNC=false

/root/FreeBSD/jails/create.sh $JAIL $JAILHOSTNAME $JAILDOMAIN $JAILIP $JAILUSER $JAILUSERID $JAILUSERVNC

# Remove the certs nullfs entry from the jail's fstab
iocage fstab -r $JAIL /mnt/ship/certs /mnt/certs nullfs ro 0 0

# Add read-only nullfs mounts for the installer ISOs, then list the fstab
iocage exec $JAIL "mkdir /mnt/windows"
iocage fstab -a $JAIL /mnt/ship/sw/iso/windows /mnt/windows nullfs ro 0 0
iocage exec $JAIL "mkdir /mnt/linux"
iocage fstab -a $JAIL /mnt/ship/sw/iso/linux /mnt/linux nullfs ro 0 0
iocage exec $JAIL "mkdir /mnt/freebsd"
iocage fstab -a $JAIL /mnt/ship/sw/iso/freebsd /mnt/freebsd nullfs ro 0 0
iocage fstab -l $JAIL

# UEFI firmware for bhyve guests, plus tmux
iocage exec $JAIL "pkg install -y bhyve-firmware tmux"

iocage exec $JAIL cp /mnt/config/.tmux.conf /root

# Stop the jail, set its properties (allow_vmm=1 exposes vmm to the jail), start it again
iocage stop $JAIL

iocage set allow_vmm=1 children_max=8 securelevel=1 \
    allow_mount=1 enforce_statfs=1 allow_mount_devfs=1 devfs_ruleset=200 allow_mount_procfs=1 \
    exec_start="/bin/sh /mnt/config/setup_jail.sh" \
    exec_prestart="/bin/sh /root/FreeBSD/jails/config/vm/create_taps.sh" \
    $JAIL

iocage start $JAIL
```
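
An added example, not part of the original page: a check that the jail's properties still match the `iocage set` line above and that no other `allow_*` permission has been switched on. It assumes `iocage get all` prints one `key:value` pair per line; the function names and the sample property list are constructed for illustration.

```sh
# Added example: audit jail properties against the `iocage set` line on this page.
EXPECTED="allow_vmm=1 children_max=8 securelevel=1 allow_mount=1 enforce_statfs=1 allow_mount_devfs=1 devfs_ruleset=200 allow_mount_procfs=1"

# Reads "key:value" lines on stdin (assumed format of `iocage get all <jail>`).
# Prints DRIFT for a property that differs from the page, EXTRA for any other
# allow_* permission that is switched on.
audit_jail_props() {
    awk -F: -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2]; order[i] = kv[1]
            }
        }
        NF >= 2 {
            key = $1
            val = substr($0, length(key) + 2)   # keep values containing ":"
            seen[key] = val
            if (key ~ /^allow_/ && val == "1" && !(key in want)) extra[++m] = key
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) print "DRIFT " k " missing want=" want[k]
                else if (seen[k] != want[k]) print "DRIFT " k " got=" seen[k] " want=" want[k]
            }
            for (i = 1; i <= m; i++) print "EXTRA " extra[i] "=1"
        }'
}

# Constructed sample, not output captured from a real jail.
sample_props() {
    cat <<'EOF'
allow_vmm:1
children_max:8
securelevel:-1
allow_mount:1
enforce_statfs:1
allow_mount_devfs:1
devfs_ruleset:4
allow_mount_procfs:1
allow_raw_sockets:1
exec_start:/bin/sh /mnt/config/setup_jail.sh
EOF
}

# On the host: iocage get all "$JAIL" | audit_jail_props
sample_props | audit_jail_props
```

Any `allow_*` property that is on by default will also be listed as EXTRA; review those once and add the accepted ones to `EXPECTED`.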

Notes
#added to sysctl.conf
#sysctl net.link.tap.up_on_open=1

#check disk usage of VMs
#zfs list -ro space ship/raw

#use Chicken of the VNC for these bhyve VNC connections
#https://github.com/boecko/chicken/releases/tag/v2.2b3

© 2025 Sharad Ahlawat
