Date: Sun, 29 Nov 2015 04:54:58 +1100
From: Dewayne Geraghty <dewaynegeraghty@gmail.com>
To: Nathan Aherne <nathan@reddog.com.au>
Cc: Julian Elischer <julian@freebsd.org>, "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>, Ian Smith <smithi@nimnet.asn.au>
Subject: Re: Kernel NAT issues
Message-ID: <CAGnMC6ov%2Bw2N0NgocGYra2Z0hK_76th7-=GGNShG%2B8P%2BME7Lnw@mail.gmail.com>
In-Reply-To: <CA479F59-7408-4146-8F5A-85213DB64720@reddog.com.au>
References: <94B91F98-DE01-4A10-8AB5-4193FE11AF3F@reddog.com.au> <20151013142301.B67283@sola.nimnet.asn.au> <C1C25100-FBD4-42F4-94F7-965B270D927F@reddog.com.au> <20151014232026.S15983@sola.nimnet.asn.au> <9908EC22-344F-4D0B-8930-7D2C70B084A1@reddog.com.au> <32DEEFB3-E41F-40CD-8E1A-520FB261C572@reddog.com.au> <564C8879.8070307@freebsd.org> <20151119032200.T27669@sola.nimnet.asn.au> <9D81BDD4-200C-40AB-AB24-B1112881E43A@reddog.com.au> <3BF360A8-35E6-4043-8AFF-87D983F29C66@reddog.com.au> <5652B9EB.10805@freebsd.org> <CA479F59-7408-4146-8F5A-85213DB64720@reddog.com.au>

Nathan,

I've gone the same way that you have, i.e. a bunch of jails that are individually providing services & kernel NAT. It takes careful planning and the knowledge that the default route will be the first IP in your jail.conf list for each jail. Getting jails to play nice means fiddling around with all interfaces.

If you can, take ipfw out of the equation until you can see tcpdump traffic doing what you want; the challenge hasn't been ipfw in my experience. (& yes, initially I've had three tcpdumps going at once too, along with old friends: raw ip & ping.)

Enjoy the fun of getting it to work, it's well worth the effort. (And be thankful that you aren't using pf, another level of complexity, but it suits my needs perfectly.) ;)

Dewayne