Date: Sun, 21 Sep 2003 16:07:54 -0500 (CDT) From: "masta" <masta@wifibsd.org> To: <sub_0@netcabo.pt> Cc: freebsd-hackers@freebsd.org Message-ID: <1132.12.238.113.137.1064178474.squirrel@mail.yazzy.org>
Mario Freitas wrote:

> Hi,
> I recently configured a jail on a FreeBSD gateway doing nat for the
> interface alias (the jail address, say 192.168.J.J). I tried with natd
> and ipnat too.
> However there are some problems I still do not understand. First
> when I added "nameserver 192.168.X.X" (the nameserver running outside
> the jail environment) to the jail, every query to the name server is
> made via the loopback interface instead of the internal interface, or
> $intif (where I have 192.168.X.X plus 192.168.J.J). Shouldn't the packet
> travel (virtually) via the $intif interface (as if the request was coming
> from any machine on the LAN)? Also, the packets are travelling through
> the loopback interface, where bind _is not_ listening :) (another weird
> behaviour?)

This is normal. Jails use the loopback interface. You should alter your
configuration accordingly.

> Second, I've tried using, unsuccessfully, many ipfw rules so any user
> inside the jail environment can establish statefully any tcp connection
> to the internet. What I do not understand is why the request does not
> (virtually) come through $intif (192.168.J.J).

Because the jail(8) uses the loopback interface.

[snip]

I seem to recall some old discussion about the roadmap for jail(8), and
somebody mentioned the consideration of a set of patches to virtualize the
entire FreeBSD network stack to facilitate the type of feature you thought
jails have, but don't.

 __  __           _
|  \/  | __ _ ___| |_ __ _
| |\/| |/ _` / __| __/ _` |
| |  | | (_| \__ \ || (_| |
|_|  |_|\__,_|___/\__\__,_|

masta@wifibsd.org
http://wifibsd.org
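What "alter your configuration accordingly" looks like for the two problems in the thread, as an added example that is not part of the original message and not masta's or the FreeBSD project's own rc.firewall: jail-to-host traffic (here, DNS to the host's resolver) is matched on lo0 rather than on $intif, and the jail's outbound TCP is translated by natd on the external interface. The interface name `fxp0`, the natd divert port and the rule numbers are assumptions; the addresses are the placeholders from the thread. The script only prints the ipfw commands unless `fwcmd` is set to the real binary.

```shell
#!/bin/sh
# Added example: ipfw rules for a jailed address that resolves names via the
# host's nameserver and reaches the Internet through natd. Not from the thread.
# Dry run by default; run with fwcmd=/sbin/ipfw to apply the rules.
fwcmd="${fwcmd:-echo /sbin/ipfw}"
extif="${extif:-fxp0}"              # assumed external interface name
jail_ip="${jail_ip:-192.168.J.J}"   # jail alias from the thread (placeholder)
ns_ip="${ns_ip:-192.168.X.X}"       # host-side nameserver from the thread (placeholder)
natd_port="${natd_port:-8668}"      # natd's default divert port (assumption)

# Loopback rules: packets between the jail address and the host never touch
# $intif; the kernel switches them on lo0, so that is where ipfw must see them.
jail_loopback_rules() {
    $fwcmd add 100 allow udp from "$jail_ip" to "$ns_ip" 53 via lo0
    $fwcmd add 110 allow udp from "$ns_ip" 53 to "$jail_ip" via lo0
    $fwcmd add 120 allow tcp from "$jail_ip" to "$ns_ip" 53 via lo0
}

# External rules: natd rewrites the jail address on the way out and restores
# it on the way back. Because translation happens at the divert rule, rules
# placed after it see the translated source on outbound packets, so the
# outbound match is on direction and interface, not on $jail_ip.
jail_natd_rules() {
    $fwcmd add 200 divert "$natd_port" ip from any to any via "$extif"
    $fwcmd add 210 allow tcp from any to any out via "$extif" setup
    # Replies have already been translated back to the jail address here.
    $fwcmd add 220 allow tcp from any to "$jail_ip" in via "$extif" established
    $fwcmd add 230 deny log tcp from any to "$jail_ip" in via "$extif" setup
}

jail_fw_rules() {
    jail_loopback_rules
    jail_natd_rules
}

jail_fw_rules
```

The rules deliberately avoid `keep-state` on the outbound rule: a dynamic rule created after natd has rewritten the source address is keyed on the host's external address, so the reply, once natd has translated it back to the jail address, no longer matches it. The stateless `established` check on rule 220 is the form that works with this rule order; bind itself also needs `listen-on` to include the host address the jail queries, since the traffic arrives over lo0 rather than $intif.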