From owner-freebsd-ipfw@FreeBSD.ORG Wed Jan 28 00:30:05 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CD43106564A for ; Wed, 28 Jan 2009 00:30:05 +0000 (UTC) (envelope-from kagekonjou@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156]) by mx1.freebsd.org (Postfix) with ESMTP id D3F9C8FC1A for ; Wed, 28 Jan 2009 00:30:04 +0000 (UTC) (envelope-from kagekonjou@gmail.com) Received: by fg-out-1718.google.com with SMTP id e12so293482fga.35 for ; Tue, 27 Jan 2009 16:30:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=VuYl0TWK65Pp3P5LVpEdqCiyJfufOiNacdaR87ikGvs=; b=vOXWZxjPWc/V58sHRqUciUu9kTtFvdKrhT02RWrFrRoqfC42aNJagh31WKsJ1KztLN hpW9rlUd3LxmNuQPUmJc0CSTks/DNzF26mGPbYHzRp+2B5yTj203r3MfjhyQNRKaCQHo P08XasQCI4DaJGvIOuCV2Ayp6OSLdWXlZ204g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=G4I3DuRTfHl0tWAR43NTz7Z+l+uyEZtMQfzL26WtaivKZc2+eRHVoqYwGMBcWVHw/g qyQ6man5R8ccrjoiKflOmReszmGReIMOgfdJDHxOy+mRd47e/bs1UEjdV7u+D5o5lEkH TbfDlnQ5RmtCNax0gCvxWMc8pcwiaucSO+Yso= MIME-Version: 1.0 Received: by 10.180.245.15 with SMTP id s15mr555848bkh.169.1233101213511; Tue, 27 Jan 2009 16:06:53 -0800 (PST) Date: Tue, 27 Jan 2009 19:06:53 -0500 Message-ID: From: Kage To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Multi-IP Jails using IPFW (7.1-REL) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2009 00:30:05 -0000 Hey, I need a solution for using IPFW to forward multiple IPs (any port) to a single jail. Basically, here's what I'd like: JID IP Address Hostname Path 1 10.0.0.100 some.host.name /usr/jails/jail-1 1.2.3.4 -> IPFW -> jail-1 (10.0.0.100) 1.2.3.5 -> IPFW -> jail-1 (10.0.0.100) 1.2.3.6 -> IPFW -> jail-1 (10.0.0.100) The jails need to be able to connect to the outside world via one of the IPs that are forwarded to it (doesn't matter which it defaults to). It CANNOT connect out via the base IP set in ifconfig, only one of the aliases, specifically one of the ones pointing to the jail via ipfw. Ideally, I'd like to do this in ipfw since I've barely worked with pf, and I've got tons of rules already setup in ipfw. According to a bunch of people around, a solution like can be done with ipfw (and apparently has been done by a few), but no one will tell me how. Can someone please tell me what rule(s) I need to add to my ipfw settings? Thanks! -- ~ Kage http://vitund.com http://hackthissite.org