Date: Fri, 14 Aug 2020 10:27:01 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: Steve O'Hara-Smith <steve@sohara.org>
Cc: freebsd-questions@freebsd.org, Ernie Luzar <luzar722@gmail.com>
Subject: Re: How to steer public traffic to a jail
Message-ID: <5F369F35.2020606@gmail.com>
In-Reply-To: <20200814140634.495e7e018f683e97b0da3d3d@sohara.org>
References: <5F367EA9.20809@gmail.com> <20200814132006.8864951f45baffd383c1a171@sohara.org> <5F368AAF.4090904@gmail.com> <20200814140634.495e7e018f683e97b0da3d3d@sohara.org>

Steve O'Hara-Smith wrote:
> On Fri, 14 Aug 2020 08:59:27 -0400
> Ernie Luzar <luzar722@gmail.com> wrote:
>
>> Steve O'Hara-Smith wrote:
>>> On Fri, 14 Aug 2020 08:08:09 -0400
>>> Ernie Luzar <luzar722@gmail.com> wrote:
>>>
>>>> I have 4 registered domain names, one for each jail. How do I get
>>>> [ALL] public traffic to a domain name directed to the desired jail?
>>> Do you have four public IP addresses to go with them ? If not
>>> what sort of "public traffic" are you talking about just http/s or other
>>> protocols ?
>>>
>> [ALL] means everything.
>
> OK.
>
>> Host and each jail have own website, email, ftp, ssh services plus
>> whatever the owner of the jail wants to install.
>
> For that the jail needs its own public IP address.
>
>> Tagging a port number on the end of the domain name is not an option.
>
> No, because you need each one to have ports 21, 22, 25 ... open
> independently.
>
>> Host that jails are on has just single public ipv4 address.
>
> In that case there's only one set of public ports. You *can* run
> some services on non-standard ports but email won't for one. You're SOL
> unless you can get more public IP addresses to use.
>
>> My ISP has not enabled ipv6 yet.
>
> If IPv6 addresses will do for public then you can always tunnel an
> IPv6 connection from Hurricane Electric - it's free and you get a /64 and
> if you want it a /48 to use. I think they're the only tunnel broker left
> that still provides tunnels on request.
>

So what I hear you saying is there is only one set of official port
numbers. That any port can only be used one time. [i.e., if host is using
port 22 then it cannot be used in a jail.] This method requires the host
firewall to forward the inbound port number to a jail's internal private
ip address after the fqdn directs the traffic to the host's single ipv4
address. Which most likely is a home type of ISP account having a dynamic
ip address.

Another conclusion is that for jails to be the target of public traffic
containing their own set of the official port numbers, the host must have
multiple public ipv4 addresses assigned to it with each unique fqdn using
one of the public ip addresses. That means a business type of ISP account
which is expensive with additional fees for each additional static ip
address needed.

Is my understanding correct?
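
The single-address port forwarding discussed in this message, as an added example that is not part of the original thread: a pf.conf fragment showing that each public (protocol, port) pair can be redirected to only one jail. It assumes pf is the host firewall (the thread does not name one); the interface name, jail addresses and the alternate port 2222 are constructed for illustration.

```conf
# Assumed names and addresses, constructed for this example.
ext_if    = "em0"          # host's external interface (single public IPv4)
jail_net  = "10.0.0.0/24"  # private addresses assigned to the jails
jail_www  = "10.0.0.2"
jail_mail = "10.0.0.3"

# Jails reach the Internet through the host's one public address.
# ($ext_if) follows the interface address, so a dynamic IP is handled.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# One public port, one destination: 80/443 go to the web jail only,
# 25 goes to the mail jail only. A second jail cannot also receive them.
rdr on $ext_if inet proto tcp from any to ($ext_if) port { 80, 443 } -> $jail_www
rdr on $ext_if inet proto tcp from any to ($ext_if) port 25 -> $jail_mail

# Port 22 stays with the host's own sshd, so ssh into a jail has to use
# a different public port, which is redirected to the jail's port 22.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2222 -> $jail_www port 22

# Filtering runs after redirection, so pass rules name the jail address.
# Plain "rdr" (not "rdr pass") keeps forwarded traffic subject to them.
block in log on $ext_if all
pass out on $ext_if all
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22
pass in on $ext_if inet proto tcp from any to $jail_www port { 22, 80, 443 }
pass in on $ext_if inet proto tcp from any to $jail_mail port 25
```

The syntax can be checked without loading the rules by running `pfctl -nf` on the file.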