From: "Chad Leigh -- Shire.Net LLC"
Date: Thu, 21 Jul 2005 09:19:14 -0600
To: jaco@coocoo.za.net
Cc: freebsd-questions@freebsd.org
Subject: Re: [Jail] Setting default route in Jail?

On Jul 21, 2005, at 9:02 AM, jaco@coocoo.za.net wrote:

> Hello All,
>
> My setup looks like this:
> The FreeBSD machine has a public range IP address, and I set up a couple
> of jails with private range IP addresses (192.168.x.x) on the same box.
>
> The private range IP addresses are set up as aliases, using the procedure
> as described in the jail(8) man page.
>
> All works fine, except for the fact that from within the jails I do not
> have internet connectivity as the default route is the same as my jail
> host's default route. For this to work I would have to be able to set my
> default route in the jail environment to the IP address of my jail host
> and enable the jail host as a gateway.
>
> The problem is that you are not allowed to set the default route inside of
> the jail, and currently this default route is the default route of the
> jail host.
>
> I am sure other people must have had this problem before and found a
> solution. :)
>
> Anybody know any workarounds? Or maybe a better way to set this up?

Hi

I got it working though I don't remember exactly how. I set my host as a gateway and maybe played around with some ipfw rules. I did do some ipfw rules and set up natd but I don't remember exactly what it was I was doing with them (meaning why) as I had some other needs as well...

The xxx out addresses are the public netblock we have. I am not an ipfw expert and came up with these through trial and error and reading web pages in the middle of the night.

waymoot# more rc.firewall
#!/bin/sh
#
/sbin/ipfw -f flush
/sbin/ipfw add pass all from x.x.x.0/24 to me
/sbin/ipfw add pass all from me to x.x.x.0/24 via bge0
/sbin/ipfw add pass all from 192.168.2.0/24 to me
/sbin/ipfw add pass all from 192.168.1.0/24 to me
/sbin/ipfw add pass all from me to 192.168.2.0/24 via bge1
/sbin/ipfw add pass all from me to 192.168.1.0/24 via bge0
/sbin/ipfw add divert natd all from any to any via bge0
/sbin/ipfw add pass all from any to any
waymoot#

best
Chad

> Thank you in advance!
> ---Jaco

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad@shire.net
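
An added example, not part of the original message: a simplified first-match model of the posted rule order, used to trace which rule a packet hits. The 203.0.113.0/24 netblock (standing in for the elided x.x.x.0/24), the host and jail addresses, and all function names are assumptions; `me` is modelled as the host address plus the jail alias addresses, since ipfw's `me` matches any address configured on the host.

```python
import ipaddress

# Constructed sample values (not from the post): documentation ranges stand in
# for the elided x.x.x.0/24 public netblock and for the host/jail addresses.
PUBLIC_NET = "203.0.113.0/24"
ME = {"203.0.113.10", "192.168.1.10", "192.168.2.10"}  # host IP plus jail aliases

# (action, src, dst, via) in the order of the posted rc.firewall; None = any interface.
RULES = [
    ("pass", PUBLIC_NET, "me", None),
    ("pass", "me", PUBLIC_NET, "bge0"),
    ("pass", "192.168.2.0/24", "me", None),
    ("pass", "192.168.1.0/24", "me", None),
    ("pass", "me", "192.168.2.0/24", "bge1"),
    ("pass", "me", "192.168.1.0/24", "bge0"),
    ("divert natd", "any", "any", "bge0"),
    ("pass", "any", "any", None),
]

def addr_matches(spec, addr):
    """Match one address against 'any', 'me', or a CIDR block."""
    if spec == "any":
        return True
    if spec == "me":
        return addr in ME
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(src, dst, iface, start=0):
    """Return (1-based rule position, action) of the first matching rule."""
    for pos, (action, rsrc, rdst, via) in enumerate(RULES[start:], start + 1):
        if via not in (None, iface):
            continue
        if addr_matches(rsrc, src) and addr_matches(rdst, dst):
            return pos, action
    return None

def trace(src, dst, iface):
    """List the rules a packet hits; after a divert, resume at the next rule.

    Simplification: natd's address rewrite is not modelled, which does not
    change the result here because only the catch-all rule follows the divert.
    """
    hits, start = [], 0
    while (hit := first_match(src, dst, iface, start)):
        hits.append(hit)
        if hit[1] == "pass":
            break
        start = hit[0]  # natd re-injects the packet after the divert rule
    return hits
```

Tracing a jail packet to an outside address, and the reply to it, shows both reaching the divert rule and then the final pass rule. A jail packet whose destination lies inside the public netblock matches the second rule first and is passed without going through natd.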