Date: Tue, 2 Jun 2009 17:13:29 +0200
From: Kevin Smith <repcsike@gmail.com>
To: freebsd-pf <freebsd-pf@freebsd.org>
Subject: Problem: nating jails with private ip addresses.
Message-ID: <c4b701070906020813t7305cd10y5657d4eb5465757f@mail.gmail.com>

Hi guys,

Please help if you can. I have a problem, and I can't get my config to work.

I have one public IP address, and several jails with private IP addresses in the 172.20.0.0/24 area. I don't know how to make this work; maybe I blocked the traffic somewhere, but DNS requests are coming through, and I can open (redirected) http on the jail itself inside from the internet, but I can't connect to any host on the internet from the jails. The main problem comes with installing from ports and downloading the distfiles.

My system is 7.1-RELEASE, with pf, pflog, pfsync devices, and ALTQ, ALTQ_CBQ, ALTQ_RED, ALTQ_RIO, ALTQ_HFSC, ALTQ_PRIQ, ALTQ_NOPCC options compiled in the kernel!

Is this possible, or should I pop in another card and bind the jails to that card?

The corresponding config is here (really partial):

tcp_services = "{ ssh, smtp, domain, www, pop3, auth, https, pop3s, ftp, ftp-data }"
ext_if = "bge0"
jails = "172.20.0.0/24"
nat on $ext_if proto { tcp, udp, icmp } from $jails to any -> ($ext_if)
rdr pass on $ext_if inet proto tcp from any to $ext_if port http -> 172.20.0.100
pass out proto tcp to any port $tcp_services keep state
pass out proto tcp from any to any keep state

Thanks in advance,
Best Regards,
Kevin