From: Morgan Reed
Date: Sat, 24 Nov 2012 23:52:53 +1100
Subject: Re: natd in a jail
To: Dewayne Geraghty, freebsd-stable@freebsd.org

On Sat, Nov 24, 2012 at 5:44 PM, Morgan Reed wrote:
> Works like a charm, just one last thing I'd like to get squared away
> here though, currently OpenVPN is using a dynamically created tun
> device, I'd like to have a static /dev/tun0 exist prior to the
> /etc/rc.d/natd start launching (because as it is I have to restart
> natd after the openvpn tunnel comes up), not sure what the best way to
> achieve this is in a jailed environment though.

Scratch that, I definitely need a holiday... natd_enable removed from
rc.conf, appropriate ipfw script being run by openvpn prior to
dropping its privs (by way of the up directive) and it "just works" (tm)