From owner-freebsd-pf@FreeBSD.ORG Tue Jul 8 07:05:46 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 98FF75F9 for ; Tue, 8 Jul 2014 07:05:46 +0000 (UTC) Received: from mail-qg0-x22e.google.com (mail-qg0-x22e.google.com [IPv6:2607:f8b0:400d:c04::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5D76D22C5 for ; Tue, 8 Jul 2014 07:05:46 +0000 (UTC) Received: by mail-qg0-f46.google.com with SMTP id q107so4593312qgd.33 for ; Tue, 08 Jul 2014 00:05:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=RP0Eyd+madI/FzInMjplJZWOux4WF2CriMEsyKbaW/s=; b=pVrpJrzKzLYUXxVAEyGrallLtOxzk9ciGl35q0pAt/Tg/ZuZzGpejl3OUd9aGrEfgP 6cDXtVJ/C750vJer7s+VmDwKdJTPLZWB7iSslhNRGqkw/Jec8mthtVgV4LsrmktIBZHt X78Ngs+CmyaC2gFEdMfT2fOCGWUF66scK8ydgI1DdkRzOyDqTjUWyXYat3GfHrOj6G+P lufnMkWnd3jjAM0MZlHB/Sl8xwCE4B6a9f6bgRi4G4I6f8zzMUB1UGQkV9CiDgoRxIgP ZASjgT+3suxMn5NAAXFcfvLCekLqcupaFvC0y5jTqpJwWmsYEQq5CDStZ1CrvX+L500w xPXg== MIME-Version: 1.0 X-Received: by 10.140.102.15 with SMTP id v15mr52998461qge.93.1404803145312; Tue, 08 Jul 2014 00:05:45 -0700 (PDT) Received: by 10.140.89.5 with HTTP; Tue, 8 Jul 2014 00:05:45 -0700 (PDT) Date: Tue, 8 Jul 2014 09:05:45 +0200 Message-ID: Subject: Manage only on em0 is it really necessary with multi ip ? From: "bryn1u85 ." To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 07:05:46 -0000 Hey, I have a server in OVH and got 2 failover ips. I have been trying use it exemple on irc. My /etc/pf.conf ip_pub="94.23.237.216" ip_jail="{ 188.165.139.63, 91.121.239.228}" net_jail="192.168.0.0/24" ### NAT and Redirection rules are first match ### nat on em0 from $net_jail to any -> $ip_pub static-port ### RDR Redirection ### ###RDR for jail (Oksymoron) rdr on em0 proto tcp from any to $ip_pub port 21 -> $ip_jail port 21 rdr on em0 proto tcp from any to $ip_pub port 80 -> $ip_jail port 80 rdr on em0 proto tcp from any to $ip_pub port 113 -> $ip_jail port 113 rdr on em0 proto tcp from any to $ip_pub port 31337 -> $ip_jail port 31337 rdr on em0 proto tcp from any to $ip_pub port 30000:50000 -> $ip_jail port 30000:50000 My /etc/jail.conf Oksymoron { path = /jails/Oksymoron; mount.devfs; #allow.mount; #mount; host.hostname = Oksymoron.edu.pl; ip4.addr = 188.165.139.63, 91.121.239.228; interface = lo1; securelevel = 3; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; } Only ip which works is the first 188.165.139.63, how can i use second ip for the same jail and for the same ports ? For example on ircnet. Thanks !