Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 11 Jun 2002 16:10:51 -0400
From:      Andrea Bacchet <baccheta@cae.com>
To:        "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject:   IPFW/natd to my jail
Message-ID:  <8A6A2A139700D5118EB6009027B0FF3A0D91D799@caemsx02.cae.ca>
next in thread | raw e-mail | index | archive | help 

I hope the list will not receive this message twice.
I sent it 3 hours ago, and it doesn't seem to have made it.

--------------------
Greetings,

	I have a host computer called dagobah, which
runs a virtual system in a jailed environment, called
darkside. This system is running FreeBSD 4.5-RELEASE.

host (dagobah) xl0 IP 143.whatever
     jail (darkside) IP alias to xl0 (192.168.200.13)

	My current problem is that I would like certain
services (ssh port 22) to be forwarded from my host
to my jail.

	So if a user tries to connect to my dagobah system
on port 22 with ssh. He will actually login to the jail.
He doesn't see the difference.

	Now here are my questions!

1- I enabled ipfw and am using the "open" configuration from
   rc.firewall

   however, now when I try to connect to my jail, I get the same
   error I was getting when I didn't have my resolv.conf in my
   jail environment setup properly.

   It takes forever to connect (aprox 4-5 mins).

   This means that by enabling ipfw, even though I am using
   the "open" configuration. something got broken.

2- I would essentially like to have this kind of functionality

host (dagobah)
    allow ftp (port 21)
    allow www (port 80)
    allow ssh (port 777)

jail (darkside)
    allow ssh (port 22)

    with natd forwarding all requests dagobah received on port 22
    to the jail's sshd.

    Everything else should be blocked.

  
I would really appreciate any help in figuring out how to set this
up. I mean I have read through the ipfw docs (I am still doing so),
but I have no idea how to fix problem #1 (host to jail communications)
and I don't know how to setup the natd forwarding.

I really did not want to learn the entire ipfw / natd, just to get this
simple jail setup working. But it looks like I have no choice!

	cheers,

__
Andy


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8A6A2A139700D5118EB6009027B0FF3A0D91D799>