From owner-freebsd-jail@FreeBSD.ORG Wed Feb 6 14:00:38 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8545416A420; Wed, 6 Feb 2008 14:00:38 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from mesiob.obspm.fr (mesiob.obspm.fr [145.238.186.2]) by mx1.freebsd.org (Postfix) with ESMTP id 00D1E13C4DB; Wed, 6 Feb 2008 14:00:37 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from localhost (pcjas.obspm.fr [145.238.184.233]) by mesiob.obspm.fr (8.13.4/8.13.4/SIO Observatoire de Paris) with ESMTP id m16E0BqD004341; Wed, 6 Feb 2008 15:00:35 +0100 Date: Wed, 6 Feb 2008 15:00:11 +0100 From: Albert Shih To: Kurt Jaeger Message-ID: <20080206140011.GI3734@pcjas.obspm.fr> References: <20080205162327.GF94606@pcjas.obspm.fr> <20080205163725.GK1757@home.c0mplx.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20080205163725.GK1757@home.c0mplx.org> User-Agent: Mutt/1.5.17 (2007-11-01) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mesiob.obspm.fr [145.238.186.2]); Wed, 06 Feb 2008 15:00:35 +0100 (CET) X-Virus-Scanned: ClamAV version 0.92, clamav-milter version 0.92 on mesiob.obspm.fr X-Virus-Status: Clean Cc: freebsd-jail@freebsd.org, freebsd-questions@freebsd.org Subject: Re: How to use two interface with jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Albert.Shih@obspm.fr List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Feb 2008 14:00:38 -0000 Le 05/02/2008 à 17:37:25+0100, Kurt Jaeger a écrit > Hi! > > > How can I make > > > > all traffic from the server/for the server pass through the first > > interface > > > > all traffic from the jail /for the jail pass through the second > > interface. > > > > In fact : How can make two «default router» on for the server, another for > > all jail. > > Assuming you can use ipfw, here's an example: > > - Interfaces: > if1: 192.168.1.1, gateway 192.168.1.254 > if2: 192.168.2.1, gateway 192.168.2.254 > - system uses 192.168.1.254 as its default gateway. > - IP-ranges for jails are in the 192.168.2.0/24 range. > - Then add the following ipfw rule: > > /sbin/ipfw add 1000 fwd 192.168.2.254 ip from 192.168.2.0/24 to any out via if2 > > Give it a try. Thanks for your help. It's working. I'm using pf (old habit) and with this single ligne pass out route-to (bce1 router_address) from to ! network_CIDR it's working. Thanks. Regards. -- Albert SHIH Observatoire de Paris Meudon SIO batiment 15 Heure local/Local time: Mer 6 fév 2008 14:58:45 CET