From owner-freebsd-questions@FreeBSD.ORG Fri Jul 23 19:41:15 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C1B4C106566C for ; Fri, 23 Jul 2010 19:41:15 +0000 (UTC) (envelope-from alexus@gmail.com) Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 4DEBF8FC1B for ; Fri, 23 Jul 2010 19:41:14 +0000 (UTC) Received: by wyj26 with SMTP id 26so649236wyj.13 for ; Fri, 23 Jul 2010 12:41:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:reply-to :in-reply-to:references:date:message-id:subject:from:to:cc :content-type; bh=qO3BHxdt/G7H13fXAyV1RTQSXTiRqEN24k9nzDykMdE=; b=MnlMyeo/Bpgj4hlLmngQTuTsxmMCl26Q80GB8gJltlFn0vKraxseHME5qp6prien0i 69QdWjQQJ8yaaFMM+Ox6016vrAx9XzFf06H+QFWLCSTISv4C45odiTKfuNXASAv+zF2v 0OfHljFLtoROLEAKP2dXGbwG1dr4HE0q1wEZI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; b=oT1mLP9Wx9kwkiPl7CUpu/4LXl31/W1az928OPSvLXK29wPBodMuuBu+kas1ypmEoM +jRzqo799i0VlVThZspm1h0Ir4dG/GzS0rFCK3tywg9uNnIUsTNqKNxhetu/PYJ2dmWU ubo6vD3YlDvKoHXLw0AfMmlAyhJft1OpiTYfI= MIME-Version: 1.0 Received: by 10.227.208.7 with SMTP id ga7mr3907853wbb.126.1279914074015; Fri, 23 Jul 2010 12:41:14 -0700 (PDT) Received: by 10.216.229.202 with HTTP; Fri, 23 Jul 2010 12:41:13 -0700 (PDT) In-Reply-To: <4C49E2CD.7020607@locolomo.org> References: <4C3F91CF.5090206@locolomo.org> <4C419944.8030702@locolomo.org> <4C447F7F.6020308@locolomo.org> <4C45D57F.2020506@locolomo.org> <4C45F0F1.7010609@locolomo.org> <4C49E2CD.7020607@locolomo.org> Date: Fri, 23 Jul 2010 15:41:13 -0400 Message-ID: From: alexus To: Erik Norgaard Content-Type: text/plain; charset=UTF-8 Cc: freebsd-questions@freebsd.org Subject: Re: ipnat.conf - map and rdr won't work! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: google@alexus.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jul 2010 19:41:15 -0000 On Fri, Jul 23, 2010 at 2:43 PM, Erik Norgaard wrote: > On 23/07/10 18.58, alexus wrote: > >> i just did jail on public ip where i dont need to use ipnat, so >> obviously that works fine no problem >> not really what i wanted though but as a temporary fix its fine... > > With all respect, I think you should start liking this solution, because for > all I understand, this is the right solution. > > If external access to the jail was otherwise through rdr, there is really no > benefit at all, securitywise or otherwise. But allowing the jail to bind > directly on the ip that external clients connect to you get simplicity and > ease of configuration. > > BR, Erik > true, i agree and i do like this solution better, but that solution wont allow me to expand let me explain what i mean by that let's take for example i'm running more then one jail... while i can bind all of them to same public IP address i'm going have to deal with running for example same sshd on different ports, yet before i'd just use rdr rule to route it appropriately. i guess its not really a big deal but still while we found very nice work around i still somehow would like to know what happened, why ipnat stop working all the sudden.. i'd like to say thank you to you and anyone else who was involved in this discussion -- http://alexus.org/