Date: Fri, 22 Jul 2005 00:20:34 +0200
From: Jaco van Tonder <jaco@coocoo.za.net>
To: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: [Jail] Setting default route in Jail?
Message-ID: <42E01FB2.3090402@coocoo.za.net>
In-Reply-To: <B4E8042C-7A18-420D-A3EA-D510E0F95761@shire.net>
References: <2217.196.37.144.120.1121958167.squirrel@webmail.premsoft.co.za> <B4E8042C-7A18-420D-A3EA-D510E0F95761@shire.net>

Chad,

Chad Leigh -- Shire.Net LLC typed on a keyboard not too far away, on 7/21/2005 5:19 PM:
>
> On Jul 21, 2005, at 9:02 AM, jaco@coocoo.za.net wrote:
>
>> Hello All,
>>
>> My setup looks like this:
>> The FreeBSD machine has a public range IP address, and I set up a couple
>> of jails with private range IP addresses (192.168.x.x) on the same box.
>>
>> The private range IP addresses are set up as aliases, using the procedure
>> as described in the jail(8) man page.
>>
>> All works fine, except for the fact that from within the jails I do not
>> have internet connectivity as the default route is the same as my jail
>> host's default route. For this to work I would have to be able to set my
>> default route in the jail environment to the IP address of my jail host
>> and enable the jail host as a gateway.
>>
>> The problem is that you are not allowed to set the default route inside of
>> the jail, and currently this default route is the default route of the
>> jail host.
>>
>> I am sure other people must have had this problem before and found a
>> solution. :)
>>
>> Anybody know any workarounds? Or maybe a better way to set this up?
>
>
> Hi
>
> I got it working though I don't remember exactly how. I set my host as
> a gateway and maybe played around with some ipfw rules. I did do some
> ipfw rules and set up natd but I don't remember exactly what it was I
> was doing with them (meaning why) as I had some other needs as well...
>
> The xxx out addresses are the public netblock we have. I am not an
> ipfw expert and came up with these through trial and error and reading
> web pages in the middle of the night
>
> waymoot# more rc.firewall
> #!/bin/sh
> #
> /sbin/ipfw -f flush
> /sbin/ipfw add pass all from x.x.x.0/24 to me
> /sbin/ipfw add pass all from me to x.x.x.0/24 via bge0
> /sbin/ipfw add pass all from 192.168.2.0/24 to me
> /sbin/ipfw add pass all from 192.168.1.0/24 to me
> /sbin/ipfw add pass all from me to 192.168.2.0/24 via bge1
> /sbin/ipfw add pass all from me to 192.168.1.0/24 via bge0
> /sbin/ipfw add divert natd all from any to any via bge0
> /sbin/ipfw add pass all from any to any
> waymoot#

Thanks,

Your post actually made me think a bit for a change and I COMPLETELY
forgot about the NAT. :P

After adding the following rule to my pf.conf, it started working:

    nat on em0 from 192.168.53.1 to any -> 192.168.10.56

Thanks again!

---Jaco

--
Jaco van Tonder
Software Developer
Direct: +27 11 312 2122 :: Fax: +27 11 312 2122 :: Mobile: +27 83 417 5424
Email: jaco@coocoo.za.net :: Web: http://www.coocoo.za.net/

Real Software Engineers don't debug programs; they verify correctness.
This process doesn't necessarily involve execution of anything on a
computer, except perhaps a Correctness Verification Aid package.
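
Added example, not part of the original message or thread: a pf.conf fragment that keeps the NAT rule quoted above but tags the translated traffic, so the host can still filter what the jail is allowed to reach once its source address has been rewritten. The interface and both addresses are the ones in the message; the JAIL_OUT tag name and the list of permitted ports are assumptions chosen for illustration.

```conf
# --- macros (values taken from the message above) ---
ext_if  = "em0"             # interface the NAT rule is bound to
jail_ip = "192.168.53.1"    # private alias address used by the jail
host_ip = "192.168.10.56"   # address the jail traffic is translated to

# Services the jail may reach: an assumption, adjust to the jail's role.
jail_tcp = "{ 80, 443 }"

# --- translation ---
# Same rule as in the message, restricted to IPv4 and tagged. pf applies
# translation before filter rules are evaluated, so on the way out of
# $ext_if the filter rules see $host_ip as the source, not $jail_ip.
# The tag is what lets them tell jail traffic from the host's own.
nat on $ext_if inet from $jail_ip to any tag JAIL_OUT -> $host_ip

# --- filtering (last matching rule wins) ---
# Default for jail traffic: drop and log, so unexpected outbound
# connections from the jail show up on pflog0.
block out log on $ext_if all tagged JAIL_OUT

# Explicit allowances for the jail.
pass out on $ext_if inet proto tcp from any to any port $jail_tcp tagged JAIL_OUT keep state
pass out on $ext_if inet proto udp from any to any port 53 tagged JAIL_OUT keep state
```

The file can be syntax-checked without loading it using pfctl -nf /etc/pf.conf, and the loaded translation rules listed with pfctl -s nat.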