Date:      Tue, 1 Dec 2015 08:49:50 +0100
From:      Ben Woods <woodsb02@gmail.com>
To:        Nathan Aherne <nathan@vuid.com>
Cc:        Julian Elischer <julian@freebsd.org>, freebsd-net@freebsd.org
Subject:   Re: vimage and jail networking
Message-ID:  <CAOc73CCoy2DDb6c5itXzqP0oEcokJ324r3TV_h5qkZFiLK3SVQ@mail.gmail.com>
In-Reply-To: <5101F264-B28E-42D0-8C21-623D6C01DFB6@vuid.com>
References:  <8538858C-BE02-489A-BC1B-2315AC18AD3F@vuid.com> <565D17D2.1090007@freebsd.org> <5101F264-B28E-42D0-8C21-623D6C01DFB6@vuid.com>

On 1 December 2015 at 06:48, Nathan Aherne <nathan@vuid.com> wrote:

> Thank you for helping me to understand vimage better Julian! I have read
> all three links you posted a number of times.
>
> I use iocage for jail management and it uses epair. From your comments it
> seems you recommend netgraph?
>
> This is the link to the iocage image instructions -
> https://iocage.readthedocs.org/en/latest/networking.html#configuring-a-vnet-jail
> It seems that iocage does a number of things automatically or at least I am
> still confused on how to use iocage and vimage to have multiple jails share
> a single public (external) IP. I will continue to read the links you sent
> me in the hopes that the aha moment comes to me.
>
> Regards,
>
> Nathan
>

The public IP will be configured on whichever device you have connected to
the internet. Normally that is a physically separate edge firewall/router.
It has the public IP and performs NAT for any devices on the LAN that talk
to the internet. This configuration has nothing to do with your jails - it
is required for any computers on your LAN which talk to the internet.

The jails are then each configured with a LAN address (10.0.0.0/8 range if
you like). When they need to talk to the internet, they will go via their
default route, which is normally your edge firewall/router, and is often
given a 10.0.0.1 address (but could be anything you like). The router will
perform the NAT, and if you want the jails to host services listening for
internet traffic, you will also need to configure port forwarding on the
router to send traffic on the relevant ports to your jails on their LAN IP
address.

Note that if your router happens to be the host running the jails, this
doesn't change any of the above.

Regards,
Ben
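As an added illustration of the NAT and port-forwarding setup described above (not part of the original thread or of iocage's own configuration), here is a pf.conf for the case where the jail host is itself the router. It assumes a hypothetical external interface em0, a jail LAN of 10.0.0.0/24 with the host at 10.0.0.1 as the jails' default route, and a single web jail at 10.0.0.10; the host also needs gateway_enable="YES" in rc.conf so it forwards packets between the jail LAN and the internet.

```pf
# Assumed names: em0 is the interface holding the public IP, the vnet jails
# sit behind it on 10.0.0.0/24, and 10.0.0.10 is the jail that serves HTTP.
ext_if   = "em0"
jail_net = "10.0.0.0/24"
web_jail = "10.0.0.10"

# Outbound: rewrite the jails' private source addresses to the host's public
# IP. The parentheses make pf re-read the address if it changes (DHCP/PPPoE).
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: forward only the port the jail actually serves. Every other port
# on the public IP stays unreachable, so adding a jail does not expose
# services you did not intend to publish.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_jail port 80

# Default-deny on the public interface and log what is dropped, so unexpected
# connection attempts show up in pflog instead of silently disappearing.
block in log on $ext_if

# Allow the forwarded service. On FreeBSD's pf, rdr runs before filtering, so
# the filter rule matches the already-translated destination (the jail's IP).
pass in on $ext_if inet proto tcp from any to $web_jail port 80 flags S/SA keep state

# Let the host and the jails reach the internet; replies come back via state.
pass out on $ext_if inet keep state
pass on lo0
```

After editing, `pfctl -nf /etc/pf.conf` checks the syntax without loading it, and `pfctl -sn` / `pfctl -sr` show the translation and filter rules that are actually in effect.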
