From: Ian Smith
To: Julian Elischer
Cc: Nathan Aherne, freebsd-ipfw@freebsd.org
Date: Thu, 19 Nov 2015 03:46:24 +1100 (EST)
Subject: Re: Kernel NAT issues
Message-ID: <20151119032200.T27669@sola.nimnet.asn.au>

On Wed, 18 Nov 2015 22:17:29 +0800, Julian Elischer wrote:
> On 11/18/15 8:40 AM, Nathan Aherne wrote:
> > For some reason hairpin (loopback nat or nat reflection) does not seem to
> > be working, which is why I chose IPFW in the first place.
> it would be good to see a diagram of what this actually means.

Anything like?
http://kb.juniper.net/InfoCenter/index?page=content&id=KB24639&actp=search

Was this so one jail can only access service/s provided by other jail/s,
both/all with internal NAT'd addresses, by using only the public address
and port of the 'router', which IIRC this is a single system with jails?

If so, what sort of routing is set up on both host and jails?

(blindfolded, no idea where I've pinned the donkey's tail :)

cheers, Ian