Date: Tue, 11 Jun 2002 09:29:27 -0400
From: Andrea Bacchet <baccheta@cae.com>
To: "'mh_lists@digitalspy.co.uk'" <mh_lists@digitalspy.co.uk>, Andrea Bacchet <baccheta@CAE.COM>
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: Jail single ip network (FreeBSD 4.5)
Message-ID: <8A6A2A139700D5118EB6009027B0FF3A0D91D78E@caemsx02.cae.ca>

Greetings Mark,

What I would like to do, is just make the jail invisible to the outside world. I mean I have some services running in the jail and some outside of it. When users will be asked to login, I will give them only the dagobah ip. Depending on what services they use, they'll either be logging in to the jail or into the host. Therefore I will have to look into natd, to forward the requests internally.

If anyone has a quick solution, I'd really appreciate it. Until then I'll read into natd.

cheers,
__
Andy

-----Original Message-----
From: Mark Hughes [mailto:mh_lists@digitalspy.co.uk]
Sent: Monday, June 10, 2002 5:48 PM
To: Andrea Bacchet
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Jail single ip network (FreeBSD 4.5)

> Uhmm, that is indeed very strange. I thought to myself
> when re-reading my message, that it was odd that I wrote
> resolve.conf, it turns out that is the name of the file
> in my jail! :)
> My only remaining problem is how to connect to
> my jail from outside that box!
>
> dagobah (host) <-- has static IP provided to me by our IT dept.
> darkside (jail) <-- has 192.168.200.13 as ip alias

you need to tell your host that it can route to the jail IP by looking at itself (don't ask me how to do that :) ). If you want it accessible from elsewhere on your network, your network must know to route requests for that IP address to dagobah, and dagobah must know to route them to the jail.

It'd probably be much easier to get a real, static IP for the jail in the same subnet as dagobah, then it'd all sort itself out most likely.

> I have made sure my services run on different ports,
> so there are no conflicts.

as the jail has a separate IP address to the host, it shouldn't matter what port conflicts there are. If you want to make it appear to the external world like the services within the jail are operating on the host, then I guess you'd need to do NAT (man natd) on the requests or something... can't think how else you could do that really.

Hope this helps.

Mark