From: Andrea Bacchet
To: "'mh_lists@digitalspy.co.uk'", Andrea Bacchet
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: Jail single ip network (FreeBSD 4.5)
Date: Tue, 11 Jun 2002 09:29:27 -0400

Greetings Mark,

What I would like to do, is just make the jail invisible to the outside world. I mean I have some services running in the jail and some outside of it. When users will be asked to login, I will give them only the dagobah ip. Depending on what services they use, they'll either be logging in to the jail or into the host.

Therefore I will have to look into natd, to forward the requests internally. If anyone has a quick solution, I'd really appreciate it. Until then I'll read into natd.

cheers,
__
Andy

-----Original Message-----
From: Mark Hughes [mailto:mh_lists@digitalspy.co.uk]
Sent: Monday, June 10, 2002 5:48 PM
To: Andrea Bacchet
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Jail single ip network (FreeBSD 4.5)

> Uhmm, that is indeed very strange. I thought to myself
> when re-reading my message, that it was odd that I wrote
> resolve.conf, it turns out that is the name of the file
> in my jail! :)

> My only remaining problem is how to connect to
> my jail from outside that box!
>
> dagobah (host) <-- has static IP provided to me by our IT dept.
> darkside (jail) <-- has 192.168.200.13 as ip alias

You need to tell your host that it can route to the jail IP by looking at itself (don't ask me how to do that :) ). If you want it accessible from elsewhere on your network, your network must know to route requests for that IP address to dagobah, and dagobah must know to route them to the jail.

It'd probably be much easier to get a real, static IP for the jail in the same subnet as dagobah, then it'd all sort itself out most likely.

> I have made sure my services run on different ports,
> so there are no conflicts.

As the jail has a separate IP address to the host, it shouldn't matter what port conflicts there are. If you want to make it appear to the external world like the services within the jail are operating on the host, then I guess you'd need to do NAT (man natd) on the requests or something... can't think how else you could do that really.

Hope this helps.

Mark
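
An added example, not part of either message above: one way the natd forwarding discussed in the thread could be configured on dagobah so that only chosen ports of the jail at 192.168.200.13 are reachable through the host's address. The interface name fxp0 and port 8080 are assumptions made for illustration, and the kernel is assumed to be built with options IPFIREWALL and IPDIVERT.

```conf
# ---- /etc/rc.conf on dagobah (the host) ----
# fxp0 is an assumed name for the interface carrying the static IP.
firewall_enable="YES"
firewall_type="open"        # rc.firewall inserts the "divert natd" rule
                            # when natd_enable and natd_interface are set
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# ---- /etc/natd.conf ----
# Forward one TCP port arriving at the host's address to the same port
# inside the jail. 8080 is a constructed example port; list one
# redirect_port line per jailed service. Ports not listed here are never
# forwarded, so the jail's other listeners stay unreachable from outside.
redirect_port tcp 192.168.200.13:8080 8080

# ---- manual equivalent of the rule rc.firewall adds ----
# ipfw add 50 divert natd all from any to any via fxp0
```

Services running on the host itself keep answering on their own ports, since natd only rewrites traffic that matches a redirect_port entry; this is why the host and jail services need distinct port numbers in this setup.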