Date:      Mon, 12 Jul 2010 08:47:19 -0400
From:      Steve Bertrand <steve@ipv6canada.com>
To:        Michael <mlmichael70@gmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: please help with NATing my jails
Message-ID:  <4C3B0ED7.9010807@ipv6canada.com>
In-Reply-To: <4C3AEA4E.50005@gmail.com>
References:  <4C3AEA4E.50005@gmail.com>

On 2010.07.12 06:11, Michael wrote:
> Hello.
> 
> Does anybody have a working configuration with ipfw NATed jails on
> loopback interface?
> It simply doesn't work on my system. I cannot get any connections to
> outside world from within a jail.
> 
> FreeBSD 8.0-p3 amd64 laptop connected to internet via wlan0 (ath0) with
> 192.168.1.111 address obtained with DHCP.
> Jail with IP 127.127.127.1 aliased on lo0.
> 
> Host system configuration:
> /etc/rc.conf
>    ifconfig_wlan0="WPA DHCP"
>    ifconfig_lo0_alias0="inet 127.127.127.1 netmask 255.255.255.255"
>    gateway_enable="YES"
>    firewall_enable="YES"
>    firewall_script="/etc/ipfw.rules"
>    firewall_nat_enable="YES"
>    firewall_nat_interface="wlan0"
> /etc/resolve.conf
>    nameserver 208.67.222.222
>    nameserver 208.67.220.220
> /etc/ipfw.conf
>    ipfw -q -f flush
>    ipfw add 10 allow all from 127.0.0.1 to 127.0.0.1 via lo0
>    ipfw add 20 check-state
>    ipfw add 30 nat 100 ip from 127.127.127.1 to any via wlan0 keep-state

...do you need a second nat rule for the inbound traffic, or does nat
handle that by itself? If you run tcpdump on the wlan interface, do you
see the inbound traffic that relates to your request?

Steve


