Date: Fri, 13 Apr 2012 17:58:42 -0500
From: Mark Felder <feld@feld.me>
To: freebsd-questions@freebsd.org
Subject: Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
Message-ID: <op.wcp7f4kr34t2sn@cr48.lan>
In-Reply-To: <FEED68A4-0C10-4057-B37B-EEA780977F25@shire.net>
References: <BCF3FB8D-7FF0-4CB4-8491-6472EDED96B2@shire.net> <op.wcpyqodb34t2sn@tech304> <FEED68A4-0C10-4057-B37B-EEA780977F25@shire.net>

On Fri, 13 Apr 2012 15:53:49 -0500, Chad Leigh Shire.Net LLC <chad@shire.net> wrote:

> No NAT needed since they share the network stack under Jails v1 they
> share the routing tables. It works. Try it.

You're clearly exploiting a bug in FreeBSD 6's jails. It must get confused and send your public IP on those packets. I have no idea how it processes the return traffic successfully, but "that's a neat trick!".

There is no possible way for this to work without NAT or whatever bug this is. If a Jail has a 192.168 IP all packets would leave with a source of 192.168. When Google or whoever on the internet gets your packets it would see 192.168 and probably drop it because that's not a publicly routable network. Without NAT it's impossible for any device anywhere on the planet to access the internet with an RFC 1918 IP address.

I urge you to share your experience on the freebsd-jail@ mailing list. Those guys might be able to lend some further insight. I bet the change came with the update to jails that allows multiple IPs.
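
A way to check the point argued in the message above, added here as an example and not part of the original e-mail: it scans `tcpdump -n` output taken on a host's external interface and lists packets that still carry an RFC 1918 source address while heading to a non-private destination. The capture lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# The three RFC 1918 blocks, listed explicitly: ipaddress.is_private is
# broader (it also covers loopback, link-local and documentation ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "IP src[.port] > dst[.port]:" as printed by `tcpdump -n` for IPv4.
LINE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")


def is_rfc1918(addr):
    """True if addr lies in 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def leaked_sources(lines):
    """Return (src, dst) pairs with a private source and a non-private destination."""
    leaks = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6 or otherwise unparsed lines
        src, dst = m.groups()
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaks.append((src, dst))
    return leaks


# Constructed sample capture (documentation addresses stand in for public hosts).
SAMPLE = [
    "17:58:42.100001 IP 192.168.1.10.51234 > 203.0.113.5.80: Flags [S], seq 1, win 65535, length 0",
    "17:58:42.100201 IP 198.51.100.7.40022 > 203.0.113.5.443: Flags [S], seq 9, win 65535, length 0",
    "17:58:42.100305 IP 192.168.1.10 > 203.0.113.9: ICMP echo request, id 1, seq 1, length 64",
    "17:58:42.100410 IP 192.168.1.10.51300 > 192.168.1.1.53: 4660+ A? example.org. (29)",
    "17:58:42.100512 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
]

if __name__ == "__main__":
    for src, dst in leaked_sources(SAMPLE):
        print(f"un-NATed private source {src} -> {dst}")
```

An empty result on the external interface means every outbound packet already carries a non-private source, whether through NAT or through source address selection on the host.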