Date:      Tue, 15 Mar 2005 18:56:04 -0500
From:      Brian Reichert <reichert@numachi.com>
To:        Sławek Żak <slawek.zak@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Setup of jail bound to lo0
Message-ID:  <20050315235604.GP340@numachi.com>
In-Reply-To: <787bbe1c050315152733f79e7c@mail.gmail.com>
References:  <787bbe1c050315152733f79e7c@mail.gmail.com>

On Wed, Mar 16, 2005 at 12:27:57AM +0100, Sławek Żak wrote:
> Hi,
> 
> I need to have some jails configured, sharing a single IP address (IPv6
> is a no-no for the time being:). Therefore I came up with an idea of
> binding them all to lo0 and assigning subsequent IP aliases as the
> addresses. The requirement for the jails is to let them receive
> (the easy part) and *send* packets to the outside.
> 
> Which obviously doesn't work. I've tried to add alias IP, but then it
> stops the natd `rule' matching.

Hmm.  This was working for me under 4.9-RELEASE:

  # prep/launch

  (build kernel with
    options    IPFIREWALL
    options    IPDIVERT
  )

  # useful environment

  setenv JAIL_IF vr0
  setenv JAIL_IP 192.168.0.1
  setenv TESTJAIL /var/minjail

  ifconfig $JAIL_IF alias $JAIL_IP

  # spin up a private NAT
  sysctl net.inet.ip.forwarding=1
  sysctl jail.set_hostname_allowed=0
 
  ipfw add 50 divert natd all from any to any via $JAIL_IF
  /sbin/natd -n $JAIL_IF -log -unregistered_only

  # spin up the jail

  jail $TESTJAIL testhostname $JAIL_IP /bin/sh


> Net Gods, help me please, /S
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

-- 
Brian Reichert				<reichert@numachi.com>
55 Crystal Ave. #286			Daytime number: (603) 434-6842
Derry NH 03038-1725 USA			BSD admin/developer at large	
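
An added example, not part of Brian Reichert's message: a POSIX sh check for the recipe above, run over captured `ipfw list` and `sysctl` output. It verifies that a divert rule exists on the jail interface, that no earlier allow/deny rule matches first, and that forwarding is on. The sample output is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the jail NAT recipe from captured command output.
# Both samples are constructed for illustration, not taken from a real host.
SAMPLE_IPFW='00050 divert 8668 ip from any to any via vr0
00100 allow ip from any to any via lo0
65535 deny ip from any to any'
SAMPLE_SYSCTL='net.inet.ip.forwarding: 1
jail.set_hostname_allowed: 0'

# divert_rule_number IF: read "ipfw list" text on stdin, print the number of
# the first divert rule bound to IF; exit status 1 if there is none.
divert_rule_number() {
    awk -v ifn="$1" '
        $2 == "divert" && $(NF-1) == "via" && $NF == ifn { print $1 + 0; found = 1; exit }
        END { exit !found }'
}

# shadowing_rules IF: print allow/deny rules listed ahead of the divert rule
# that already match all traffic on IF, so those packets never reach natd.
shadowing_rules() {
    awk -v ifn="$1" '
        $2 == "divert" && $(NF-1) == "via" && $NF == ifn { printf "%s", buf; exit }
        ($2 == "allow" || $2 == "deny") && /ip from any to any/ && ($NF == "any" || $NF == ifn) { buf = buf $0 "\n" }'
}

# sysctl_is NAME VALUE: succeed if "sysctl" text on stdin reports NAME as VALUE.
sysctl_is() {
    awk -v n="$1:" -v v="$2" '$1 == n && $2 == v { ok = 1 } END { exit !ok }'
}

# audit IF IPFW_TEXT SYSCTL_TEXT: print one line per finding, return the count.
audit() {
    fails=0
    printf '%s\n' "$2" | divert_rule_number "$1" >/dev/null ||
        { echo "no divert rule via $1"; fails=$((fails + 1)); }
    [ -z "$(printf '%s\n' "$2" | shadowing_rules "$1")" ] ||
        { echo "an allow/deny rule ahead of the divert rule matches first"; fails=$((fails + 1)); }
    printf '%s\n' "$3" | sysctl_is net.inet.ip.forwarding 1 ||
        { echo "net.inet.ip.forwarding is not 1"; fails=$((fails + 1)); }
    return "$fails"
}

audit vr0 "$SAMPLE_IPFW" "$SAMPLE_SYSCTL" && echo "setup looks consistent"
```

On the host itself, feed it live output with `audit vr0 "$(ipfw list)" "$(sysctl net.inet.ip.forwarding)"`.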
