# Possible to get a small amount of "this way"?



## sdad (Jan 12, 2011)

So far my experience with FreeBSD has been ipfw and pf.  That's it.  Prior life has been gui-based.  Huge pockets of "no-clue".  

As I extend my study of security, I have chosen to create a "browser server" , a bastion host, if you will.  Rather than run Firefox, or Chrome, on my desktop, I'd like a desktop icon take me to an external server that runs the browser there. Server would be dual homed, one to the internet and the other back to my desktop.  The client's exposure to the internet, for browsing, at least, would be limited by the browser server.  

I see 2 possible routes, one is the use a jail (preferred direction), the other to open things up a bit and use virtualbox, and some other desktop inside of that. 

Regarding the jail, I wonder if I'll be able to run firefox or chrome as a service, using the FreeBSD ports of those browsers, or do I revert back to virtualbox? If possible to use a jail, I think this would expose me to many new(for me) techniques that I'd never get with virtualbox

Since I am so new to FreeBSD, I'm not sure what sorts of other options I have available to me. Perhaps someone could list out a couple of possibilities for me to consider, as well as your recommendation on running a browser in a jail?  BTW, this is not necessarily a production type of approach here.  More of a class project, if you will.


----------



## sossego (Jan 13, 2011)

Go for running the browser within the jail. I, myself, never could get X working properly in the jail.
To me, the advantages over VirtualBox are:
1) You only need to copy the executables for running the browser, a simple desktop, maybe a few compat libraries, and what else have you.
2) Less stress on the CPU.
3) Would be similar to starting X with :1 or some other value.
4) The browser is separated from the system. This is the way it should be run.

Seems that your project has some focus on security.


----------

