Date: Thu, 29 Aug 2013 23:22:53 -0400 From: Alejandro Imass <aimass@yabarana.com> To: Patrick <gibblertron@gmail.com> Cc: Frank Leonhardt <frank2@fjl.co.uk>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Jail with public IP alias Message-ID: <CAHieY7Qj9gq3W4a2x0q=dJcg4D57o=yXm8XWHgRbjbr-B7yqFg@mail.gmail.com> In-Reply-To: <CAHieY7Sg_iXfZLQ9NUpvKpoC_U0KRMK53imBGzfALn05DbobDg@mail.gmail.com> References: <CAHieY7Sq5XKFuwp9PYnbuLAM6i=6KrrS8h-RM2uJUCzgAQ5rcw@mail.gmail.com> <CAHieY7QnkKv3st31tFHipd7q1jZ1YnFAXizQvgFKjH4oPc5Hsw@mail.gmail.com> <CA%2BdWbmYDfNNAv1kV=68eGQ8ySs9G07TZz_6zE0Fkit5t40484g@mail.gmail.com> <CAHieY7ROHTret4QgCfgUaO5t1HwPzoi8O%2B85y7KKjCW=haoGmg@mail.gmail.com> <CA%2BdWbmb6VqmjQAiEyLmsE_%2BP8bHNZxf_Yff7BZAzdDEM3Ka4SA@mail.gmail.com> <521DC5EC.1010701@fjl.co.uk> <CAHieY7TpuAcpEAqLc8=kUf=GOiwu2DonoRkTJ60stBUsVMQCcQ@mail.gmail.com> <CA%2BdWbmbzwDV=UeUPonAKdpM080=rAvQ6xu_BG3FbRYWM4pwjoQ@mail.gmail.com> <521E5976.8000605@fjl.co.uk> <CAHieY7QshB9tVrthZkuqiwWQewN1V2ZOcTZo=B_ziSKaOo%2BDWg@mail.gmail.com> <521F0BD6.7040306@fjl.co.uk> <521F0E6B.8020507@fjl.co.uk> <CAHieY7THrx5%2Bu1OSshhq8053JLJKxfOfS=o37or1bHor%2BCkT5g@mail.gmail.com> <CA%2BdWbmYaAOo8JheDGBLPeMzriUjSfcr8zuNfZy1NaYuDRyP7YQ@mail.gmail.com> <CAHieY7Sg_iXfZLQ9NUpvKpoC_U0KRMK53imBGzfALn05DbobDg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 29, 2013 at 7:53 PM, Alejandro Imass <aimass@yabarana.com> wrote: > On Thu, Aug 29, 2013 at 5:07 PM, Patrick <gibblertron@gmail.com> wrote: >> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass <aimass@yabarana.com> wrote: >>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt <frank2@fjl.co.uk> wrote: >>>> On 29/08/2013 09:52, Frank Leonhardt wrote: >>>>> >>> > > [...] > >> Aliases should have a netmask of 255.255.255.255. What you seeing is >> not typical behaviour on FreeBSD. [...] > One of you asked about NAT. We are using natd to nat some public ports > to other ports on the private IPs that are aliases of lo0. This is for > the jails that don't have public IPs we just forward some ports to the > jail's ports like this: > > For example: > > redirect_port tcp 192.168.101.123:22 12322 > redirect_port tcp 192.168.101.123:80 12380 > > Could this have an effect on OUTBOUND connections?? Seems unlikely to > me but I think one of you asked about NAT I suspect for a good reason. > > I'll turn off the natting temporarily and test. > I can confirm that the culprit was natd. Now the question becomes why does natd affect the source IP for an outbound connection?? Is there a way to fix it and keep natd? Seems that Patrick's NAT hunch on hist first reply was right on the money. Thanks, -- Alejandro Imass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHieY7Qj9gq3W4a2x0q=dJcg4D57o=yXm8XWHgRbjbr-B7yqFg>