Date:      Wed, 16 Mar 2005 13:14:14 +0300 (MSK)
From:      "."@babolo.ru
To:        "Sławek Żak" <slawek.zak@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Setup of jail bound to lo0
Message-ID:  <1110968054.782712.2859.nullmailer@cicuta.babolo.ru>
In-Reply-To: <787bbe1c050315152733f79e7c@mail.gmail.com>

> Hi,
> 
> I need to have some jails configured, sharing single IP address (IPv6
> is a no-no for the time being:). Therefore I came up with an idea of
> binding them all to lo0 and assigning subsequent IP aliases as the
> addresses. The requirement for the jails is to let them receive
> (the easy part) and *send* packets to the outside.
> 
> The jails cannot directly access the Internet as they cannot bind to
> the external IP address of course. Some translation needs to be made,
> I think. After wrestling with ipfw/ipf/pf for a couple of hours I
> don't have a working solution.
> 
> My last attempt to get outside from the jail with ipfw was:
> 
> # ipfw add 200 divert natd log tcp from 127.0.0.2 to 127.0.0.2 222 in via lo0
> 
> and for natd:
> 
> redirect_port tcp 192.168.153.2:22 127.0.0.2:222
> 
> I get this log from natd:
> 
> In  {default} 0000ffff[TCP]  [TCP] 127.0.0.2:53057 -> 127.0.0.2:301 aliased to
>           [TCP] 127.0.0.2:53057 -> 192.168.153.2:22
> 
> Which obviously doesn't work. I've tried to add alias IP, but then it
> stops the natd `rule' matching.
Try other addresses, not in 0/8 and 127/8.

> 
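
The reply's advice expressed as a check, added here as an example that is not part of the original thread: it scans ipfw/natd lines for addresses in 0/8 and 127/8 and picks replacement lo0 aliases from another range. The 10.0.0.0/24 range, the revised lines and the function names are assumptions made for illustration.

```python
import ipaddress
import itertools
import re

# Ranges the reply says to avoid for jail addresses.
AVOID = [ipaddress.ip_network("0.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]

# Dotted quad not embedded in a longer run of digits and dots.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def flag_addresses(lines):
    """Return (line_no, address, range) for every IPv4 address in an AVOID range."""
    findings = []
    for no, line in enumerate(lines, 1):
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            findings.extend((no, text, str(net)) for net in AVOID if addr in net)
    return findings

def suggest_aliases(network, count):
    """Pick `count` host addresses for lo0 aliases, refusing the AVOID ranges."""
    net = ipaddress.ip_network(network)
    if any(net.overlaps(bad) for bad in AVOID):
        raise ValueError(f"{net} overlaps 0/8 or 127/8")
    picked = [str(h) for h in itertools.islice(net.hosts(), count)]
    if len(picked) < count:
        raise ValueError(f"{net} has fewer than {count} host addresses")
    return picked

# The ipfw rule and natd line quoted in the message above.
ORIGINAL = [
    "ipfw add 200 divert natd log tcp from 127.0.0.2 to 127.0.0.2 222 in via lo0",
    "redirect_port tcp 192.168.153.2:22 127.0.0.2:222",
]
# Constructed revision: the same lines with an assumed 10.0.0.2 jail alias.
REVISED = [line.replace("127.0.0.2", "10.0.0.2") for line in ORIGINAL]

if __name__ == "__main__":
    for no, addr, net in flag_addresses(ORIGINAL):
        print(f"line {no}: {addr} is inside {net}")
    print("aliases to try:", suggest_aliases("10.0.0.0/24", 3))
```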


