From: Alejandro Imass
To: Eitan Adler
Cc: questions@freebsd.org
Date: Thu, 9 Dec 2010 14:51:13 -0500
Subject: Re: simple NAT for jails

On Thu, Dec 9, 2010 at 12:23 PM, Eitan Adler wrote:
> Hi,
> I want to throw together some jails for friends to play with. I'm not
> terribly concerned about security on this machine. My goal is to do
> something like
> ezjail create james 10.0.0.1
> ezjail create jared 10.0.0.2
> ezjail create joe 10.0.0.3
> ezjail create idaho 10.0.0.4
>
> I have a single IP address for my computer - so I would need some kind
> of nat to allow these jails to access the outside world - and allow
> the outside world to access them.
>
> I've looked into pf and I guess I would need something like
>
> nat on nfe0 from 10.0.0.1 to any -> $external_ip
>
> is this correct?
> Do I need anything in /etc/pf.conf?
>

You can use natd as well.

In rc.conf:

natd_enable="YES"
natd_interface="rl1"
natd_flags="-dynamic"

Then, as root in the base system:

kldload ipdivert
natd -n rl1

or whatever your interface is.

> --
> Eitan Adler
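
Added example, not part of either poster's message: a pf.conf for the setup described in the question, with outbound NAT for the jails and inbound redirects limited to named ports. The interface nfe0 and the 10.0.0.x addresses come from the question; the lo1 cloned interface, the forwarded port numbers and the host SSH rule are assumptions.

```conf
# /etc/pf.conf (added example; values marked "assumption" are not from the thread)
#
# Assumed rc.conf entries alongside this file:
#   cloned_interfaces="lo1"   # jail addresses 10.0.0.1-4 are aliases on lo1
#   pf_enable="YES"

ext_if   = "nfe0"             # external interface, from the question
jail_net = "10.0.0.0/24"
james    = "10.0.0.1"
jared    = "10.0.0.2"

set skip on lo0

# --- Translation -------------------------------------------------------
# Outbound: jail traffic leaves with the host's single address.
# ($ext_if) in parentheses follows the interface address if it changes.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: one redirect per service that should be reachable from outside.
# External ports 2201/2202 are constructed values (assumption).
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2201 -> $james port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2202 -> $jared port 22

# --- Filtering ---------------------------------------------------------
# Default deny inbound, so a jail is reachable only through a listed rdr.
block in log on $ext_if all

# Host's own SSH (assumption: the host is administered over SSH on port 22).
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state

# rdr rewrites the destination before filtering, so the pass rule
# matches the jail address, not the external one.
pass in on $ext_if inet proto tcp from any to { $james, $jared } port 22 keep state

# Outbound from the host and from the NATed jails.
pass out on $ext_if inet all keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the rules take effect on a remote machine.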