From: Meno Abels <meno.abels@adviser.com>
To: freebsd-questions@freebsd.org
Date: Thu, 30 Oct 2003 07:19:39 +0100
Message-ID: <3FA0AD7B.5060801@adviser.com>
Subject: Internal Policy Routing
List-Id: User questions (freebsd-questions@freebsd.org)

Hello,

I am searching for a solution for a multi-jailed environment. I have a system with around 20 jailed environments that are made for ease of use. The idea is to add to this jailed system a jailed central firewall for all the other jailed environments. To get this to run I need a special routing setup, which is easily done on Linux with "policy routing", but I didn't find a similar function on BSD.

My network layout looks like this; remember this network is running in one box.

    internet-------firewalljail(69.10.3.3)----
                                              |---- internaljail-0(192.168.19.1)
                                              |---- internaljail-1(192.168.19.2)
                                              |---- internaljail-2(192.168.19.3)
                                              |---- internaljail-3(192.168.19.4)

To enable this I need to add to the internal jails a default route to 69.10.3.3, and 69.10.3.3 needs a default route to the internet, so that the firewall jail will transfer (filter) all packets which are sent/received by the internal jails.

Is there any solution? I know that there are some additional problems with setting the ipf/bpf kernel info from a jail, but this problem is solvable; the first solution is to not use a jail for the firewall, but to use the master.

Thanks in advance
Meno