From: Alejandro Imass
To: Patrick
Cc: Frank Leonhardt, FreeBSD Questions
Date: Thu, 29 Aug 2013 23:22:53 -0400
Subject: Re: Jail with public IP alias

On Thu, Aug 29, 2013 at 7:53 PM, Alejandro Imass wrote:
> On Thu, Aug 29, 2013 at 5:07 PM, Patrick wrote:
>> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass wrote:
>>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt wrote:
>>>> On 29/08/2013 09:52, Frank Leonhardt wrote:
>>>>>
>>>
>
> [...]
>
>> Aliases should have a netmask of 255.255.255.255. What you're seeing is
>> not typical behaviour on FreeBSD.

[...]

> One of you asked about NAT. We are using natd to nat some public ports
> to other ports on the private IPs that are aliases of lo0. This is for
> the jails that don't have public IPs we just forward some ports to the
> jail's ports like this:
>
> For example:
>
> redirect_port tcp 192.168.101.123:22 12322
> redirect_port tcp 192.168.101.123:80 12380
>
> Could this have an effect on OUTBOUND connections?? Seems unlikely to
> me but I think one of you asked about NAT I suspect for a good reason.
>
> I'll turn off the natting temporarily and test.
>

I can confirm that the culprit was natd. Now the question becomes why
does natd affect the source IP for an outbound connection?? Is there a
way to fix it and keep natd?

Seems that Patrick's NAT hunch on his first reply was right on the money.

Thanks,

-- 
Alejandro Imass