From owner-freebsd-stable@FreeBSD.ORG  Thu Nov 22 11:33:46 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id E5A7D5DD
 for <freebsd-stable@freebsd.org>; Thu, 22 Nov 2012 11:33:46 +0000 (UTC)
 (envelope-from morgan.s.reed@gmail.com)
Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com
 [209.85.223.182])
 by mx1.freebsd.org (Postfix) with ESMTP id A89178FC19
 for <freebsd-stable@freebsd.org>; Thu, 22 Nov 2012 11:33:46 +0000 (UTC)
Received: by mail-ie0-f182.google.com with SMTP id s9so6726161iec.13
 for <freebsd-stable@freebsd.org>; Thu, 22 Nov 2012 03:33:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc:content-type;
 bh=tXqktjgH8qJ8L3y1TXHnh609CjoDS28nVApO6IrUFgQ=;
 b=F08S3DVo2ih8WdQVLa2e9MZxweV2VAhFHC92QGywGmX+Fx9GiVh7iHs0ShObBaJKH8
 SJWYHR12g62z3YKv4tDaho9egUVLnhbW+2TcUgez1KIbMOgeaHkV7kduSYmjN52HZRAT
 xY09V9rZXF2zcz2PELHUciAeFCkFYbKUxzp2S/JawfLJPt+sB0HcnuPaqvZW6tvBsZIq
 VtHLUGECRL730SjF12yrvk1h/5UaEizyalRxxQbdDSco7V1B2nmQv/ffWSXfAXKyT0rt
 o5VjnvniNFOesnXbz1r0320rkxe52YN+NPN/oP0tESgzKL6JK3EKtdh9bI9DRj4SNZs1
 oImQ==
Received: by 10.50.187.165 with SMTP id ft5mr2915630igc.12.1353584025586; Thu,
 22 Nov 2012 03:33:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.6.71 with HTTP; Thu, 22 Nov 2012 03:33:24 -0800 (PST)
In-Reply-To: <CAPyG9gM4Ht560WEerVXvxx=W8Q=thC7FtGyaFMC5Pou2kijLBw@mail.gmail.com>
References: <CAKnh_YtF5f_0-vuGO0ov+JDKa_gxF+f80-DCcfxPYyew0_ZG7Q@mail.gmail.com>
 <CAPyG9gM4Ht560WEerVXvxx=W8Q=thC7FtGyaFMC5Pou2kijLBw@mail.gmail.com>
From: Morgan Reed <morgan.s.reed@gmail.com>
Date: Thu, 22 Nov 2012 22:33:24 +1100
Message-ID: <CAKnh_YvMSnAqjJEhWOixJh0rFQLfBqFKau0vBUpzaT_+bGRnBw@mail.gmail.com>
Subject: Re: natd in a jail
To: Simon Dick <simond@irrelevant.org>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Nov 2012 11:33:47 -0000

On Thu, Nov 22, 2012 at 9:38 PM, Simon Dick <simond@irrelevant.org> wrote:
> I've not used it myself, but this sound like something VIMAGE may be good
> for, basically it's a virtual tcp stack per jail, there's some docs at
> http://wiki.freebsd.org/Image but I seem to remember a more up to date one
> elsewhere but can't find it at the moment!

These are all VIMAGE jails :) I originally tried to do this without
VIMAGE but OpenVPN won't work properly in that environment as if it
updated the kernel routing table (which ISTR it couldn't, makes sense
given the nature of jail) it would have changed it on the host and all
jail images.