From owner-freebsd-jail@FreeBSD.ORG Sat Oct 18 09:53:17 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B7EF1065689 for ; Sat, 18 Oct 2008 09:53:17 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [91.103.162.4]) by mx1.freebsd.org (Postfix) with ESMTP id 4A01C8FC1C for ; Sat, 18 Oct 2008 09:53:17 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 28A8E19E023; Sat, 18 Oct 2008 11:53:16 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 0B1C019E019; Sat, 18 Oct 2008 11:53:13 +0200 (CEST) Message-ID: <48F9B22B.4060200@quip.cz> Date: Sat, 18 Oct 2008 11:53:47 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: =?UTF-8?B?VXJvxaEgR3J1YmVy?= References: <3ef844230810180107k6d1c4c67vd33f83aa25960ee@mail.gmail.com> In-Reply-To: <3ef844230810180107k6d1c4c67vd33f83aa25960ee@mail.gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-jail@freebsd.org Subject: Re: Local IP in jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Oct 2008 09:53:17 -0000 Uroš Gruber wrote: > Hi, > > I'm setting up new jail and I was thinking enabling it on some local > IP (10.1.1.1 for example). I added an alias in rc.conf and also > created the jail. The only problem I have is routing is not working as > it should. I don't know if it is because of jail or do I need to add > manual > routing for this IP to be able comunicate with outside world. Is it > even possible to work this way and than use ipf to redirect trafic > onto jail itself? It is possible. I am using Jails only this way (with private IPs and NAT+RDR in PF) Maybe you need to set net.inet.ip.forwarding=1 (in sysctl.conf) or gateway_enable="YES" in rc.conf Miroslav Lachman