Date:      Thu, 21 Jun 2012 17:02:30 +0200
From:      Anders Hagman <anders.hagman@netplex.se>
To:        freebsd-jail@freebsd.org
Subject:   Re: VNET
Message-ID:  <1CB97103-00FC-4B8A-BF82-519F39DA3DC1@netplex.se>
In-Reply-To: <CAEW%2BogYegAzytOB8UOZzdxzwZuJ57e8%2BtEAsTREemexFvS=jkw@mail.gmail.com>
References:  <CAEW%2BogbckMN1VfkCUjLrSbD6GWeHR%2B1q7G55Rc2%2Boe%2BosJjb8g@mail.gmail.com> <4FE1E175.4060005@FreeBSD.org> <CAEW%2BogYegAzytOB8UOZzdxzwZuJ57e8%2BtEAsTREemexFvS=jkw@mail.gmail.com>

Hi

On 20 Jun 2012, at 19:51, Sami Halabi wrote:

> Thank you.
>
> I want to use vnet jail for a specific subnet that I need to separate from
> the system.

If you want total separation from the main system you need vnet jail to be able
to have a separate routing table and default gateway.

> so basically I create a vlan + a bridged interface to the public.

You don't need to create a bridge, just create a vlan interface and move it to the jail.

> these two (vlan+bridged interface- epair0a) will be in the vnet jail, so I
> can do NAT only for that vlan going out.
> This is the idea, as there are more interfaces in the system and there is
> only one interface out…

I do this to be able to use the same hardware for inside server and DMZ server.
It has been working for two months without any problem.

>
> so basically it should be a firewall & NAT only between the specific LAN and
> the outside world.
>
> Can this be accomplished another way?
>
> Sami
>
> On Wed, Jun 20, 2012 at 5:43 PM, Alexander V. Chernikov <
> melifaro@freebsd.org> wrote:
>
>> On 19.06.2012 12:56, Sami Halabi wrote:
>>
>>> Hi,
>>>
>>> I want to ask about VNET jails, I read somewhere that I'm able to run IPFW,
>>> but not PF firewall in a vnet jail.
>>> is that correct?
>>>
>>> I want a vnet jail basically for nat, so natd with ipfw + ipdivert is my
>>>
>> 1) You can do nat without vnet.
>> 2) ipfw nat is currently the easiest way to do nat.
>>
>>
>>> choice? or I can use pf somehow, I never used pf before,
>>> so I would like some advice here...
>>>
>>> Thanks in advance,
>>>
>>>
>>
>> --
>> WBR, Alexander
>>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
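
The setup described in the reply above (a vlan interface created on the host and moved into a vnet jail that then has its own routing table and default gateway), as an added example that is not part of the original thread. The parent interface em0, VLAN 100, jail name dmz, path /jails/dmz, the 192.0.2.0/24 addresses and the DRY_RUN switch are all assumptions made for illustration; a kernel with VIMAGE support is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes FreeBSD with a VIMAGE-enabled
# kernel. em0, VLAN 100, jail "dmz", /jails/dmz and 192.0.2.0/24 are constructed.
# Commands are only printed unless DRY_RUN=0 is set (then run it as root).

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# vnet_vlan_jail PARENT_IF VLAN_ID JAIL_NAME JAIL_PATH ADDR/PREFIX GATEWAY
vnet_vlan_jail() {
    [ "$#" -eq 6 ] || { echo "usage: vnet_vlan_jail if vid jail path addr gw" >&2; return 2; }
    parent=$1; vid=$2; jname=$3; jpath=$4; addr=$5; gw=$6

    # Accept only a plain 802.1Q VLAN ID (1-4094, no leading zero).
    case "$vid" in
        ''|0*|*[!0-9]*|?????*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range: $vid" >&2; return 1
    fi
    # Interface and jail names: letters, digits and underscore only.
    for n in "$parent" "$jname"; do
        case "$n" in
            ''|*[!A-Za-z0-9_]*) echo "bad interface or jail name: $n" >&2; return 1 ;;
        esac
    done

    vif="vlan$vid"
    # 1. Tagged interface on the host; no bridge or epair is involved.
    run ifconfig "$vif" create vlan "$vid" vlandev "$parent" || return 1
    # 2. Jail with its own network stack (separate routing table).
    run jail -c name="$jname" path="$jpath" host.hostname="$jname" vnet persist || return 1
    # 3. Move the vlan interface into the jail; it disappears from the host.
    run ifconfig "$vif" vnet "$jname" || return 1
    # 4. Address and default gateway are set inside the jail only.
    run jexec "$jname" ifconfig "$vif" inet "$addr" up || return 1
    run jexec "$jname" route add default "$gw" || return 1
    # 5. Check: this routing table is the jail's, not the host's.
    run jexec "$jname" netstat -rn
}

# Constructed sample values; in dry-run mode this prints the six commands.
vnet_vlan_jail em0 100 dmz /jails/dmz 192.0.2.2/24 192.0.2.1
```

Comparing `netstat -rn` on the host with the output of step 5 shows whether the jail's default route is really independent of the host's.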



