From: "Littlefield, Tyler"
Reply-To: tyler@tysdomain.com
Date: Wed, 20 Aug 2014 23:02:07 -0400
To: James Gritton, questions@freebsd.org
Subject: Re: putting jails on public addresses
Message-ID: <53F5612F.7070902@tysdomain.com>
In-Reply-To: <53F55E7D.7030206@gritton.org>
References: <53F52D26.6070600@tysdomain.com> <53F55E7D.7030206@gritton.org>

On 8/20/2014 10:50 PM, James Gritton wrote:
> On 8/20/2014 5:20 PM, Littlefield, Tyler wrote:
>> Hello:
>> I'd really like to put a couple of jails on publicly accessible IP
>> addresses. I have 5 that my provider has assigned to me. Could anyone
>> possibly shed some light on how to do this? I know of epairs, but I'm
>> not sure exactly how this works: does each interface (a and b) get an
>> address? I presume one would be 192.168.0.8 and the other would be
>> x.x.x.x (where x.x.x.x is the public address)? Which one should I set
>> the gateway on?
>> Thanks a lot for the help,
>
> You shouldn't need to mess with epair for most jails. Just specify
> the jails' addresses (ip4.addr=x.x.x.x) in your jail.conf, and be sure
> to have an "interface=foo0" global line. The simplest jail setup is
> one using publicly available addresses on a single interface, which
> sounds like what you have.
>
Hello:
Thanks a lot for the info. I guess I should have been a bit more
explicit: I want to be able to assign firewall rules to these separate
jails. I don't think I can assign rules based on address but have to
have some sort of interface. For example, port 80 will be open on two
jails, but one should have rate limiting applied to it.
Thanks,
> - Jamie

--
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he
that dares not reason is a slave.
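
The jail.conf layout described in the quoted reply, written out as an added example that is not from either poster. The interface name em0, the jail names web1 and web2, the paths, the hostnames and the 203.0.113.x documentation addresses are all placeholders.

```conf
# /etc/jail.conf (added example; every name and address is a placeholder)

# Global parameters, inherited by every jail defined below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

# The 'interface=foo0' global line from the reply: jail(8) adds each
# jail's ip4.addr as an alias on this interface when the jail is created
# and removes the alias again when the jail is removed.
interface = "em0";

# $name expands to the jail's name, so each jail gets its own root
# directory and hostname without repeating these lines per jail.
path = "/usr/jails/$name";
host.hostname = "$name.example.org";

# One block per jail. Each jail is restricted to its own public address
# and can neither bind to nor send from the host's or the other jail's.
web1 {
    ip4.addr = 203.0.113.10;
}

web2 {
    ip4.addr = 203.0.113.11;
}
```

With this layout both addresses are aliases on the same physical interface, so the jails do not get interfaces of their own.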