From owner-freebsd-questions@FreeBSD.ORG Thu Dec 9 17:46:30 2010 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 831AE1065698 for ; Thu, 9 Dec 2010 17:46:30 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-iw0-f174.google.com (mail-iw0-f174.google.com [209.85.214.174]) by mx1.freebsd.org (Postfix) with ESMTP id 5CAA78FC1C for ; Thu, 9 Dec 2010 17:46:30 +0000 (UTC) Received: by iwn9 with SMTP id 9so4133102iwn.19 for ; Thu, 09 Dec 2010 09:46:29 -0800 (PST) Received: by 10.231.30.73 with SMTP id t9mr474509ibc.144.1291915430901; Thu, 09 Dec 2010 09:23:50 -0800 (PST) MIME-Version: 1.0 Received: by 10.231.79.82 with HTTP; Thu, 9 Dec 2010 09:23:29 -0800 (PST) From: Eitan Adler Date: Thu, 9 Dec 2010 12:23:29 -0500 Message-ID: To: questions@freebsd.org Content-Type: text/plain; charset=UTF-8 Cc: Subject: simple NAT for jails X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Dec 2010 17:46:30 -0000 Hi, I want to throw together some jails for friends to play with. I'm not terribly concerned about security on this machine. My goal is to do something like ezjail create james 10.0.0.1 ezjail create jared 10.0.0.2 ezjail create joe 10.0.0.3 ezjail create idaho 10.0.0.4 I have a single IP address for my computer - so I would need some kind of nat to allow these jails to access the outside world - and allow the outside world to access them. I've looked into pf and I guess I would need something like nat on nfe0 from 10.0.0.1 to any -> $external_ip is this correct? Do I need anything in in /etc/pf.conf ? -- Eitan Adler