From: "Chad Leigh Shire.Net LLC"
To: FreeBSD Mailing List
Date: Fri, 13 Apr 2012 14:53:49 -0600
Subject: Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing

On Apr 13, 2012, at 1:50 PM, Mark Felder wrote:

> Do I understand this right?
>
> Working in FreeBSD 6.x:
>
> interface em0: 1.2.3.4/24     <-- public IP, host only
>                192.168.1.1/24 <-- private IP, host only
>                192.168.1.2/24 <-- Jail #1
>                192.168.1.3/24 <-- Jail #2
>
> With this configuration you had no problems accessing the internet from the jails.

correct.
(not that it did not matter I don't think is the private IP, host only exists and ALL IP exist on the host in addition to whatever Jail they are assigned to)

> Is this correct? This seems bizarre; this should only be possible if you're doing NAT somewhere in there and that is not possible with Jails v1 (which share a network stack) and is only possible in Jails v2 (vnet).

No NAT needed since they share the network stack under Jails v1 they share the routing tables. It works. Try it.

The question is, is it possible to do something similar with FreeBSD 9 jails (v2 I guess) without the overhead of running NAT? The jail with the private IP *can* access the HOST's public services but not anyone else's

Chad