Date:      Wed, 16 Mar 2005 10:47:25 +0100 (CET)
From:      Sten Spans <sten@blinkenlights.nl>
To:        Sławek Żak <slawek.zak@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Setup of jail bound to lo0
Message-ID:  <Pine.SOC.4.61.0503161045311.23519@tea.blinkenlights.nl>
In-Reply-To: <787bbe1c050315152733f79e7c@mail.gmail.com>
References:  <787bbe1c050315152733f79e7c@mail.gmail.com>

On Wed, 16 Mar 2005, Sławek Żak wrote:

> Hi,
>
> I need to have some jails configured, sharing a single IP address (IPv6
> is a no-no for the time being:). Therefore I came up with an idea of
> binding them all to lo0 and assigning subsequent IP aliases as the
> addresses. The requirement for the jails is to let them receive
> (the easy part) and *send* packets to the outside.
>
> The jails cannot directly access the Internet as they cannot bind to
> the external IP address of course. Some translation needs to be made,
> I think. After wrestling with ipfw/ipf/pf for a couple of hours I
> don't have a working solution.
>

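pf:

# Macros used by the rules below. Placeholder values, not part of the
# original snippet: set them to the external interface and the jail's lo0 alias.
ext_if = "em0"
loopback_addr = "127.0.0.2"

# Tables: similar to macros, but more flexible for many addresses.
table <webservers> { 1.2.3.4, 5.6.7.8, 9.9.9.9 }

# Translation: specify how addresses are to be mapped or redirected.
# nat: packets leaving $ext_if from the jail address get the interface's address.
nat on $ext_if from $loopback_addr to any -> ($ext_if)

# rdr: packets coming in on $ext_if with destination <webservers>:80
# are redirected to port 80 on the jail address.
rdr on $ext_if proto tcp from any to <webservers> port 80 -> $loopback_addr port 80
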

-- 
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
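
Added example, not part of the original message: a fuller pf.conf for the setup discussed in this thread, showing how the nat and rdr rules interact with filter rules. The interface name, the lo0 alias addresses, the jail_web macro and the <jails> table are assumptions chosen for illustration.

```conf
# Added example pf.conf. Interface name and addresses are assumptions.
ext_if   = "em0"          # assumed external interface
jail_web = "127.0.0.2"    # assumed lo0 alias of the jail running a web server

# All lo0 aliases that jails are bound to (assumed values).
table <jails> const { 127.0.0.2, 127.0.0.3 }

# Outbound: rewrite jail source addresses to the host's external address.
# The parentheses make pf track $ext_if if its address changes.
nat on $ext_if inet from <jails> to any -> ($ext_if)

# Inbound: only port 80 on the external address is redirected to the web jail.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $jail_web port 80

# Filter rules are evaluated after translation, so they match the
# translated addresses: the jail address inbound, the external address outbound.
# Add pass rules for the host's own services (for example ssh) before loading.
block in on $ext_if all
pass in on $ext_if inet proto tcp from any to $jail_web port 80 flags S/SA keep state
pass out on $ext_if inet from ($ext_if) to any keep state
```

The file can be syntax-checked without loading it using pfctl -nf /etc/pf.conf.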