From: Sami Halabi
To: "Alexander V. Chernikov"
Cc: freebsd-ipfw@freebsd.org, bz@freebsd.org, freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Date: Wed, 20 Jun 2012 20:51:26 +0300
Subject: Re: VNET

Thank you.

I want to use a vnet jail for a specific subnet that I need to separate from the system. So basically I create a vlan + a bridged interface to the public. These two (vlan + bridged interface, epair0a) will be in the vnet jail, so I can do NAT only for that vlan going out.

This is the idea, as there are more interfaces in the system and there is only one interface out... so basically it should be a firewall & NAT only between the specific LAN and the outside world.

Can this be accomplished another way?

Sami

On Wed, Jun 20, 2012 at 5:43 PM, Alexander V. Chernikov <melifaro@freebsd.org> wrote:

> On 19.06.2012 12:56, Sami Halabi wrote:
>
>> Hi,
>>
>> I want to ask about VNET jails. I read somewhere that I'm able to run IPFW,
>> but not the PF firewall in a vnet jail.
>> Is that correct?
>>
>> I want a vnet jail basically for NAT, so natd with ipfw + ipdivert is my
>
> 1) You can do nat without vnet.
> 2) ipfw nat is currently the easiest way to do nat.
>
>> choice? Or I can use pf somehow, I never used pf before,
>> so I would like some advice here...
>>
>> Thanks in advance,
>
> --
> WBR, Alexander

--
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert