From owner-freebsd-jail@FreeBSD.ORG  Tue May 28 08:07:29 2013
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id BF55FA8B
 for <freebsd-jail@freebsd.org>; Tue, 28 May 2013 08:07:29 +0000 (UTC)
 (envelope-from goya@eik.bme.hu)
Received: from mono.eik.bme.hu (mono.eik.bme.hu
 [IPv6:2001:738:2001:2001::2001])
 by mx1.freebsd.org (Postfix) with ESMTP id 8086316F
 for <freebsd-jail@freebsd.org>; Tue, 28 May 2013 08:07:29 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mono.eik.bme.hu (Postfix) with ESMTP id 45A63D1F8;
 Tue, 28 May 2013 10:07:20 +0200 (CEST)
X-Virus-Scanned: amavisd-new at eik.bme.hu
Received: from mono.eik.bme.hu ([127.0.0.1])
 by localhost (mono.eik.bme.hu [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id l-r-utoCdW69; Tue, 28 May 2013 10:07:20 +0200 (CEST)
Received: by mono.eik.bme.hu (Postfix, from userid 884)
 id 01214D2C5; Tue, 28 May 2013 10:07:19 +0200 (CEST)
Date: Tue, 28 May 2013 10:07:19 +0200
From: =?utf-8?B?SsOBS8OTIEFuZHLDoXM=?= <jako.andras@eik.bme.hu>
To: Mogamat Abrahams <lists@tabits.co.za>, freebsd-jail@freebsd.org,
 Ian Smith <smithi@nimnet.asn.au>
Subject: Re: Cant reach Jailed services from internet.
Message-ID: <20130528080719.GA11195@eik.bme.hu>
References: <loom.20130527T091739-282@post.gmane.org>
 <cc5f425486d0fc06e1ddc0a8cbe300ad@nanogene.org>
 <loom.20130527T215634-190@post.gmane.org>
 <20130528145629.X55451@sola.nimnet.asn.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20130528145629.X55451@sola.nimnet.asn.au>
User-Agent: Mutt/1.4.2.3i
Organization: Budapest University of Technology and Economics - Division of
 Telecommunications and Informatics
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 May 2013 08:07:29 -0000

>  > > Any reason you are running your webjail on the broadcast IP for the 
>  > > subnet? IP range for your 0xfffffffc net would be (.77|.78).
>  > 
>  > Hi,
>  > 
>  > Thanks, however thats the info I got the from people providing the machine :
> 
> That's a worry .. you won't do any good trying to use the broadcast 
> address.  Mats is right, you only get 2 usable addresses with a /30.

Assigning a /30 for four jails is perfectly valid, if it's an aggregate
of four /32s. I would configure a static route on the default gateway
for 174.x.x.76/30 -> 67.x.x.x, then on the host I'd assign the four /32s
to lo1..lo4. Packets arrive to the jails because of the /30 static route
in the neighbouring router, packets leave the jail because of the host's
already existing default route, and of course traffic between the jails
and the host are OK because the kernel knows its own interfaces.
(Actually that's how I run my FreeBSD jails.)

>  > The hosts rc.conf:
>  > 
>  > ipv4_addrs_em0="67.x.x.x/27 174.x.x.76-79/30"

Regards,
András