Date: Thu, 9 Dec 2010 14:51:13 -0500 From: Alejandro Imass <ait@p2ee.org> To: Eitan Adler <lists@eitanadler.com> Cc: questions@freebsd.org Subject: Re: simple NAT for jails Message-ID: <AANLkTikYM3=BxRsAuwvQdUyNQxP3fzWotX4sE1oZoSLA@mail.gmail.com> In-Reply-To: <AANLkTinT1F_Z4iUX_8Jq2pmyEPag3apqaapnebDkdViv@mail.gmail.com> References: <AANLkTinT1F_Z4iUX_8Jq2pmyEPag3apqaapnebDkdViv@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 9, 2010 at 12:23 PM, Eitan Adler <lists@eitanadler.com> wrote: > Hi, > I want to throw together some jails for friends to play with. I'm not > terribly concerned about security on this machine. My goal is to do > something like > ezjail create james 10.0.0.1 > ezjail create jared 10.0.0.2 > ezjail create joe 10.0.0.3 > ezjail create idaho 10.0.0.4 > > I have a single IP address for my computer - so I would need some kind > of nat to allow these jails to access the outside world - and allow > the outside world to access them. > > I've looked into pf and I guess I would need something like > > nat on nfe0 from 10.0.0.1 to any -> $external_ip > > is this correct? > Do I need anything in in /etc/pf.conf ? > you can use natd as well in rc.conf natd_enable="YES" natd_interface="rl1" natd_flags="-dynamic" then as root in the base system kldload ipdivert natd -n rl1 or whatever your interface is > -- > Eitan Adler > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikYM3=BxRsAuwvQdUyNQxP3fzWotX4sE1oZoSLA>