Date: Mon, 29 Jun 2020 10:41:50 +0200 From: =?utf-8?B?SsOBS8OTIEFuZHLDoXM=?= <jako.andras@eik.bme.hu> To: Ernie Luzar <luzar722@gmail.com> Cc: David Mehler <dave.mehler@gmail.com>, freebsd-jail <freebsd-jail@freebsd.org> Subject: Re: FreeBSD 12.1, vnet jail, and internet access Message-ID: <20200629084150.GC65151@eik.bme.hu> In-Reply-To: <5EF8F034.4040705@gmail.com> References: <CAPORhP7mU=4gMYWhkLPK-Sdyxcuhry4YTM%2B-vXOs27qeAc2a2Q@mail.gmail.com> <20200627204831.GC77414@eik.bme.hu> <CAPORhP4XmmT%2B2ZcDazZVAguBPAG2qYQaWFGWE73Sdgfk3htRVA@mail.gmail.com> <20200627213730.GE77414@eik.bme.hu> <5EF8F034.4040705@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > I was under the impression that the two stacks were separate? > > > > They are. But I don't think your ISP knows anything about your private > > subnet, so they won't send IP packets with your private destination > > address to you. And most probably they won't accept IP packets with your > > private source address from you. So you have to translate these private > > addresses if you want your ISP (and others) to forward them. > > > > > Should I nat on the bridge or epair? > > > > On the bridge, I guess. > > > > Have 2 questions. > > If there were no ip addresses on the bridge and the epair0b in the vnet jail > would packets pass out the bridge member external interface? It's a 802.1 bridge, it can pass frames to the external interface (according to its MAC address table). > How would I setup a public domain name to target the vnet jail? A public domain name should point to a public IP address. If your jail's IP address is a private one, and you do NAT, then use your public IP address (the one that is translated to the jail's private address). If you have a public address in the jail and you don't use address translation, then use the jail's public IP address in the DNS. AndrĂ¡s
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200629084150.GC65151>