From: Andrea Bacchet
To: freebsd-questions@FreeBSD.ORG
Subject: IPFW/natd to my jail
Date: Tue, 11 Jun 2002 13:51:26 -0400

Greetings,

I have a host computer called dagobah, which runs a virtual system in a jailed environment, called darkside. This system is running FreeBSD 4.5-RELEASE.

host (dagobah)   xl0 IP 143.whatever
jail (darkside)  IP alias to xl0 (192.168.200.13)

My current problem is that I would like certain services (ssh port 22) to be forwarded from my host to my jail. So if a user tries to connect to my dagobah system on port 22 with ssh, he will actually log in to the jail. He doesn't see the difference.

Now here are my questions!

1- I enabled ipfw and am using the "open" configuration from rc.firewall; however, now when I try to connect to my jail, I get the same error I was getting when I didn't have my resolv.conf in my jail environment set up properly. It takes forever to connect (approx 4-5 mins). This means that by enabling ipfw, even though I am using the "open" configuration, something got broken.

2- I would essentially like to have this kind of functionality:

host (dagobah)
    allow ftp (port 21)
    allow www (port 80)
    allow ssh (port 777)

jail (darkside)
    allow ssh (port 22)

with natd forwarding all requests dagobah received on port 22 to the jail's sshd. Everything else should be blocked.

I would really appreciate any help in figuring out how to set this up. I mean I have read through the ipfw docs (I am still doing so), but I have no idea how to fix problem #1 (host to jail communications) and I don't know how to set up the natd forwarding.

I really did not want to learn the entire ipfw / natd, just to get this simple jail setup working. But it looks like I have no choice!

cheers,
__
Andy