From owner-freebsd-questions@FreeBSD.ORG Mon Mar 24 15:03:51 2014
Message-ID: <533049C0.700@tysdomain.com>
Date: Mon, 24 Mar 2014 11:05:36 -0400
From: "Littlefield, Tyler"
To: Jeff Tipton
Cc: freebsd-questions@freebsd.org
Subject: Re: jails, subnets and etc?
In-Reply-To: <532F20C1.20700@mail.com>

On 3/23/2014 1:58 PM, Jeff Tipton wrote:
> You have a heap of settings in your rc.conf. Is this machine already doing something? It would be better to comment most of this stuff out and start from scratch -- leaving only the absolutely necessary -- hostname (fully qualified), ifconfig_em0 line and the defaultrouter line. And then go step by step, so you understand what's going on.
>
> First, you don't need to enable "jail" if you are enabling "ezjail". And you will need to set up an alias for the em0 network interface, one per jail. Without that you won't have communication with your ezjail. If you set up a jail with address 192.168.0.2, you need this same address to attach to em0 as an alias.
>
> -Jeff

Hello:

It seems I have some good news to report, though not much. My jail has an IP address and I can connect to it from the host via telnet. Everything is running perfectly, but the jail is still unable to connect out:

root@sapphire:/etc # sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

My next solution would be to create a pseudo interface (is this possible?), which will allow me to keep the jail separate from the outside world, then give an interface to each jail. Is this possible? Then I could just forward outbound connections from the jail's interface to the public interface and forward individual connections through. Otherwise, there could be a lot of issues--if there is an alias on em0 for 192.168.0.2, perhaps any outbound connections are getting sent out with that address (which the data center's routers may not like), etc.
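
The layout proposed in the message above, sketched as an added example that is not from the thread: the jail address sits on a cloned loopback interface instead of an em0 alias, and pf rewrites the private source address on the way out and forwards selected inbound ports. The interface name lo1, the use of pf, the 192.168.0.0/24 jail range and the port 80 forward are assumptions for illustration; only em0 and 192.168.0.2 come from the thread.

```conf
# ---- /etc/rc.conf (additions) ----
# Cloned loopback: a pseudo interface that is never bridged to the wire,
# so the jail address is not visible on the data-center segment.
cloned_interfaces="lo1"
ifconfig_lo1_alias0="inet 192.168.0.2 netmask 255.255.255.255"
# Load the pf rules below at boot.
pf_enable="YES"
pf_rules="/etc/pf.conf"

# ---- /etc/pf.conf ----
ext_if   = "em0"              # public interface (from the thread)
jail_if  = "lo1"              # assumed name of the cloned loopback
jail_net = "192.168.0.0/24"   # assumed range holding all jail addresses
jail_web = "192.168.0.2"      # jail address used in the thread

# Do not filter traffic on the host's own loopback.
set skip on lo0

# Outbound: traffic from the jails leaves em0 with the host's public
# address as its source, so no 192.168.0.x packet reaches upstream routers.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: expose only the services that are meant to be reachable.
# Port 80 is a constructed example; add one rdr line per published port.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $jail_web port 80

# Anything not redirected above never reaches a jail, because the jail
# addresses exist only on $jail_if and are not routable from outside.
```

The jail itself must be bound to 192.168.0.2 on lo1 rather than on em0 for this to take effect. After a reload, `pfctl -s nat` lists the active nat and rdr rules.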