From: Tyler Saylor
To: freebsd-questions@freebsd.org
Subject: pf and jails
Date: Thu, 6 Feb 2014 09:34:50 -0500

Hello,

I'm running FreeBSD 10-RELEASE on i386. I have set up a few jails for services such as httpd and postfix using ezjail. The host has one physical ethernet interface and I have five routable IPv4 addresses; of the five, four are assigned to a jail and one is assigned to the host. I have a jail for mysql that is set up to use a clone of lo and the address "10.1.1.1". I'm also using pf to filter traffic to each service on the host.

My question is this: How do I make it so that the other jails that are bound to routable addresses are able to interact with the jail on 10.1.1.1? Is there some magic pf voodoo I'm not understanding, or some mental deficiency I'm just now being made aware of?

I've included my pf.conf and included an illustration.

Thanks for any help,
//Tyler Saylor

For illustration: Each pipe represents a real, routable IPv4 address assigned to the respective jail. The star represents the private address of the jail I'd like to be accessible from the others.

em0--|--|--|--|--|  lo1--*
     h  w  i  m  s       m
     o  w  r  a  v       y
     s  w  c  i  n       s
     t        l          q
                         l

pf.conf
http://pastebin.ca/2630464