Date:      Fri, 13 Apr 2012 14:53:49 -0600
From:      "Chad Leigh Shire.Net LLC" <chad@shire.net>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
Message-ID:  <FEED68A4-0C10-4057-B37B-EEA780977F25@shire.net>
In-Reply-To: <op.wcpyqodb34t2sn@tech304>
References:  <BCF3FB8D-7FF0-4CB4-8491-6472EDED96B2@shire.net> <op.wcpyqodb34t2sn@tech304>



On Apr 13, 2012, at 1:50 PM, Mark Felder wrote:

> Do I understand this right?
> 
> 
> Working in FreeBSD 6.x:
> 
> interface em0: 1.2.3.4/24  <-- public IP, host only
>           192.168.1.1/24  <-- private IP, host only
>           192.168.1.2/24  <-- Jail #1
>           192.168.1.3/24  <-- Jail #2
> 
> 
> With this configuration you had no problems accessing the internet from the jails.

correct.

(Note that it did not matter, I don't think, if the private IP, host only, exists, and ALL IPs exist on the host in addition to whatever jail they are assigned to.)

> 
> Is this correct? This seems bizarre; this should only be possible if you're doing NAT somewhere in there and that is not possible with Jails v1 (which share a network stack) and is only possible in Jails v2 (vnet).


No NAT needed: since they share the network stack under Jails v1, they share the routing tables.  It works.  Try it.

The question is, is it possible to do something similar with FreeBSD 9 jails (v2, I guess) without the overhead of running NAT?  The jail with the private IP *can* access the HOST's public services but not anyone else's.

Chad



