From: alexus
To: freebsd-questions@freebsd.org
Date: Tue, 19 May 2009 13:46:05 -0400
Subject: Re: ipnat 911

On Tue, May 19, 2009 at 1:36 PM, alexus wrote:
> I'm running a system with 2 jails
>
> host runs named
> 1st jail runs mail
> 2nd jail runs web
>
> jails need to be able to reach out to outside world, for example mail
> server needs to be able to communicate with remote server
>
> for that i decided to use ipnat, here is rule i used
>
> map bce0 mx -> mx
>
> same goes for web
>
> but after activating these rules my host itself is not able to reach
> out to anything remote..
>
> --
> http://alexus.org/
>

the other thing is on host, and that's after few minutes i reload ipnat

dd# ipnat -s
mapped  in      5022790 out     4034969
added   438863  expired 424203
no memory       0       bad nat 435
inuse   1256
orphans 0
rules   13
wilds   0
hash efficiency 66.56%
bucket usage    40.84%
minimal length  0
maximal length  7
average length  1.502
TCP Entries per state
     0     1     2     3     4     5     6     7     8     9    10    11
     0     0     0     0     5     1     1     0     1     0    50    15
dd#

--
http://alexus.org/