From owner-freebsd-questions@freebsd.org Thu Jan 5 05:01:54 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7CCA3C9E9C3 for ; Thu, 5 Jan 2017 05:01:54 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-pg0-x229.google.com (mail-pg0-x229.google.com [IPv6:2607:f8b0:400e:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48F881A43 for ; Thu, 5 Jan 2017 05:01:54 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-pg0-x229.google.com with SMTP id f188so235423714pgc.3 for ; Wed, 04 Jan 2017 21:01:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:subject :content-transfer-encoding; bh=Uu9AmGbl6NNcAA8MTjhZfl0va1CvRzeQLISdPRR9t2k=; b=maNQGTICXDecqlR+YjpXzdwKWQiqmskY7uWoWdPwhC8FMzU27UazEZfgI8d9CC32XD 2TRTmkJ92hLm5fu6ikyfu7852GkGXzb5h+ITa6A6brMNj8nRosWsJF5wbjR14PbMHk9y QQZjunqMV5qOrsaYigvw3ldCZj7z6OnGcqHioQZyyMFGShrPgX5q7mAiLr40d2IwSsSn 3eJxi2MR80LbhcY+AU/R3PJn+Avvlh4WmaKBZAsyAUax1X+sSZ3tHA4LV7JshO7UgmiV /pF30Hv5vPGh5sTJ+eVVtkyuNEKsXnE9p7YKl0HVGaK5qHkLYGfYasJkTebqhycnDh3M xXJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-transfer-encoding; bh=Uu9AmGbl6NNcAA8MTjhZfl0va1CvRzeQLISdPRR9t2k=; b=PuPexnjU94EfO0VGnRbmhyGjCVJK72eFwwN+RDxW5xQKYiVZIMZSpEaMYhZiRoRNGv ur738Xk6h9e9bvUrPhRYFvT+YnYf3OT/rApNu24pl5+Z4TGNwqml1TvlSSvZ641QQx0W c9+Bb6vcZuAhaqWjzj5hqM1dAotogaL4Qn6Ja2bRVFIVSTWH/WyKenf6VN2bgwsPH7J/ fkLne9FquBz/BkRbSRRuNx/IQ7sB0vaGRrkHL/NxJ72GiExan2KILsJMS4ibcrxCUHw2 Aj9ivFENlcvJJ79iT9rs5FbxL5n4boYlqLpn8of0TQUM+v7NxxDx9169kdp5FerHXe8d fb/w== X-Gm-Message-State: AIkVDXLUo+gncsiSRZz9nbeghhmBbxdGgKNcCnWwLXsDXaVGW/OtLzPJWpPSZW7GAhPj0w== X-Received: by 10.84.210.167 with SMTP id a36mr154271099pli.125.1483592513704; Wed, 04 Jan 2017 21:01:53 -0800 (PST) Received: from [192.168.1.103] ([120.29.76.161]) by smtp.googlemail.com with ESMTPSA id t20sm150199378pfk.48.2017.01.04.21.01.52 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 04 Jan 2017 21:01:53 -0800 (PST) Message-ID: <586DD349.8000703@gmail.com> Date: Thu, 05 Jan 2017 13:02:01 +0800 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "freebsd-questions@freebsd.org" Subject: jails & network/firewall setup Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jan 2017 05:01:54 -0000 Hello List, Finally got myself a static IP address added to the dynamic IP address already assigned by my ISP. Both have their own unique domain names pointing to them and going to the same MAC address modem. Yes I run ddclient to insure the dynamic IP address and it's domain name are keep in sync. When I do a ifconfig command I see the NIC facing the public internet has those 2 IP address listed. If I assign the static IP address to a jail, will all traffic travailing on that IP address be seen only by that jail without any firewall NAT forwarding rules being used? IE: assuming there are no firewall rules blocking traffic on that IP address. Lets state it a different way. Does all traffic targeted for a jail need to have firewall NAT rules by IP address and port number to forward just the desired port number traffic to that jail?