Date: Tue, 15 Mar 2005 18:56:04 -0500
From: Brian Reichert
To: S??awek ??ak
Cc: freebsd-net@freebsd.org
Subject: Re: Setup of jail bound to lo0
Message-ID: <20050315235604.GP340@numachi.com>

On Wed, Mar 16, 2005 at 12:27:57AM +0100, S??awek ??ak wrote:
> Hi,
>
> I need to have some jails configured, sharing single IP address (IPv6
> is a no-no for the time being:). Therefore I came up with an idea of
> binding them all to lo0 and assigning subsequent IP aliases as the
> addresses. The requirement for the jails is to let them receive
> (the easy part) and *send* packets to the outside.
>
> Which obviously doesn't work. I've tried to add alias IP, but then it
> stops the natd `rule' matching. Hmm.

This was working for me under 4.9-RELEASE:

  # prep/launch
  (build kernel with
    options IPFIREWALL
    options IPDIVERT
  )

  # useful environment
  setenv JAIL_IF vr0
  setenv JAIL_IP 192.168.0.1
  setenv TESTJAIL /var/minjail

  ifconfig $JAIL_IF alias $JAIL_IP

  # spin up a private NAT
  sysctl net.inet.ip.forwarding=1
  sysctl jail.set_hostname_allowed=0
  ipfw add 50 divert natd all from any to any via $JAIL_IF
  /sbin/natd -n $JAIL_IF -log -unregistered_only

  # spin up the jail
  jail $TESTJAIL testhostname $JAIL_IP /bin/sh

> Net Gods, help me please, /S

-- 
Brian Reichert
55 Crystal Ave. #286          Daytime number: (603) 434-6842
Derry NH 03038-1725 USA       BSD admin/developer at large