From: Sławek Żak <slawek.zak@gmail.com>
To: freebsd-net@freebsd.org
Date: Wed, 16 Mar 2005 00:27:57 +0100
Subject: Setup of jail bound to lo0
List-Id: Networking and TCP/IP with FreeBSD
Message-ID: <787bbe1c050315152733f79e7c@mail.gmail.com>

Hi,

I need to have some jails configured, sharing a single IP address (IPv6 is a no-no for the time being:). Therefore I came up with an idea of binding them all to lo0 and assigning subsequent IP aliases as the addresses.
The requirement for the jails is to let them receive (the easy part) and *send* packets to the outside. The jails cannot directly access the Internet as they cannot bind to the external IP address, of course. Some translation needs to be made, I think. After wrestling with ipfw/ipf/pf for a couple of hours I don't have a working solution.

My last attempt to get outside from the jail with ipfw was:

    # ipfw add 200 divert natd log tcp from 127.0.0.2 to 127.0.0.2 222 in via lo0

and for natd:

    redirect_port tcp 192.168.153.2:22 127.0.0.2:222

I get this log from natd:

    In {default} 0000ffff[TCP] [TCP] 127.0.0.2:53057 -> 127.0.0.2:301 aliased to [TCP] 127.0.0.2:53057 -> 192.168.153.2:22

Which obviously doesn't work. I've tried to add an alias IP, but then it stops the natd `rule' matching.

Net Gods, help me please,

/S