From: "Steve Bertrand"
To: freebsd-questions@freebsd.org
Date: Fri, 18 Jun 2004 14:38:09 -0400 (EDT)
Subject: 3 servers using jails
Message-ID: <3564.209.167.16.15.1087583889.squirrel@webmail.ibctech.ca>

Hi all,

I've got 3 devices that I would like to consolidate.

Box A - IPFW/NAT gateway for corporate use.
Box B - Squid/Dansguardian content filter (my use)
Box C - Qmail/vpopmail (multiple domain) mailhub

All three boxes are at separate locations.

What I would like to do is implement a system (at the company Box A is at) that can house all three servers in one box. This is what I'd like to achieve:

- Route/filter packets from corporate LAN to Internet
- Continue to use the content filter/proxy for my family
- Forward corporate LAN http traffic through the proxy
- Continue to use the mailhub for everyone that is using it now

I am curious to know if this can be jailed. 2 jails plus the main system, one with each virtual server mentioned above.

If I can, will this be possible:

- 1 public IP serving each server
- ability to ipfw fwd all http traffic from the corporate LAN over to the virtual server running the proxy (on its own public IP), so as to deny certain web traffic
- ability to use the proxy (again, with its own public IP) from my house
- have the mailhub on its own public IP in its own jail (or within the main system itself)
- be able to use IPFW to control access, filter traffic for all jails by using each interface's IP address as if there were no jails

I hope I have been clear and concise. Please advise if further clarification is necessary, and thanks in advance for any advice.

~sb