Date: Fri, 13 Apr 2012 14:53:49 -0600
From: "Chad Leigh Shire.Net LLC" <chad@shire.net>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
Message-ID: <FEED68A4-0C10-4057-B37B-EEA780977F25@shire.net>
In-Reply-To: <op.wcpyqodb34t2sn@tech304>
References: <BCF3FB8D-7FF0-4CB4-8491-6472EDED96B2@shire.net> <op.wcpyqodb34t2sn@tech304>

On Apr 13, 2012, at 1:50 PM, Mark Felder wrote:

> Do I understand this right?
>
>
> Working in FreeBSD 6.x:
>
> interface em0: 1.2.3.4/24     <-- public IP, host only
>                192.168.1.1/24 <-- private IP, host only
>                192.168.1.2/24 <-- Jail #1
>                192.168.1.3/24 <-- Jail #2
>
>
> With this configuration you had no problems accessing the internet from the jails.

correct. (note that it did not matter I don't think if the private IP, host only exists and ALL IP exist on the host in addition to whatever Jail they are assigned to)

>
> Is this correct? This seems bizarre; this should only be possible if you're doing NAT somewhere in there and that is not possible with Jails v1 (which share a network stack) and is only possible in Jails v2 (vnet).

No NAT needed since they share the network stack under Jails v1 they share the routing tables. It works. Try it.

The question is, is it possible to do something similar with FreeBSD 9 jails (v2 I guess) without the overhead of running NAT? The jail with the private IP *can* access the HOST's public services but not anyone else's

Chad