Date: Thu, 21 Jun 2012 17:02:30 +0200
From: Anders Hagman <anders.hagman@netplex.se>
To: freebsd-jail@freebsd.org
Subject: Re: VNET
Message-ID: <1CB97103-00FC-4B8A-BF82-519F39DA3DC1@netplex.se>
In-Reply-To: <CAEW%2BogYegAzytOB8UOZzdxzwZuJ57e8%2BtEAsTREemexFvS=jkw@mail.gmail.com>
References: <CAEW%2BogbckMN1VfkCUjLrSbD6GWeHR%2B1q7G55Rc2%2Boe%2BosJjb8g@mail.gmail.com> <4FE1E175.4060005@FreeBSD.org> <CAEW%2BogYegAzytOB8UOZzdxzwZuJ57e8%2BtEAsTREemexFvS=jkw@mail.gmail.com>

Hi

On 20 Jun 2012, at 19:51, Sami Halabi wrote:

> Thank you.
>
> I want to use vnet jail for a specific subnet that I need to separate from
> the system.

If you want total separation from the main system you need vnet jail to
be able to have a separate routing table and default gateway.

> so basically I create a vlan + a bridged interface to the public.

You don't need to create a bridge, just create a vlan interface and move
it to the jail.

> these two (vlan+bridged interface- epair0a) will be in the vnet jail, so I
> can do NAT only for that vlan going out.
> This is the idea, as there are more interfaces in the system and there is
> only one interface out...

I do this to be able to use the same hardware for inside server and DMZ
server. Have been working for two months without any problem.

>
> so basically it should be a firewall & NAT only between the specific lan and
> the outside world.
>
> Can this be accomplished another way?
>
> Sami
>
> On Wed, Jun 20, 2012 at 5:43 PM, Alexander V. Chernikov <
> melifaro@freebsd.org> wrote:
>
>> On 19.06.2012 12:56, Sami Halabi wrote:
>>
>>> Hi,
>>>
>>> I want to ask about VNET jails, I read somewhere that I'm able to run IPFW,
>>> but not PF firewall in a vnet jail.
>>> is that correct?
>>>
>>> I want a vnet jail basically for nat, so natd with ipfw + ipdivert is my
>>>
>> 1) You can do nat without vnet.
>> 2) ipfw nat is currently the easiest way to do nat.
>>
>>
>> choice? or I can use pf somehow, I never used pf before,
>>> so I would like some advice here...
>>>
>>> Thanks in advance,
>>>
>>>
>>
>> --
>> WBR, Alexander
>>
>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"