From: "Littlefield, Tyler"
Date: Sun, 23 Mar 2014 00:11:49 -0400
To: "freebsd-questions@freebsd.org"
Subject: jails, subnets and etc?
Message-ID: <532E5F05.2040207@tysdomain.com>
Reply-To: tyler@tysdomain.com
List-Id: User questions

hello all:
I'm curious if I'm doing this right, and would like some advice from someone. First, I created a jail with ezjail and set its IP to 192.168.0.2, then bound mysql to that address. The idea is that mysql can run in its own jail while not being accessible to the outside world. I set the gateway (defaultrouter in the jail's rc.conf) to the IP address of my machine so the system can access the network. This is where I run into a bit of fun: I am unable to ping/telnet to 192.168.0.2 3306, and I am unable to telnet out of the jail.

So, I have a few questions:
1) What needs to happen on the pf side to forward ports from x.x.x.x (my external-facing interface) to a specific address and port on the subnet? The idea is that I will just use pf to forward ports to public-facing jailed services.
2) Do I need to do something special to get this subnet set up? What needs to happen to get the jail and the host talking to each other?

thanks in advance,
-- 
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
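A pf.conf sketch for the setup described in the post (outbound NAT for the jail subnet, a port forward only for a public-facing jail, mysql left unpublished), added here as an example; it is not part of the original message or of any reply. It assumes em0 is the external interface, the jail addresses are aliases on the cloned loopback lo1 (as ezjail sets them up), a hypothetical web jail at 192.168.0.3, and a non-VNET jail, which shares the host's routing table, so the rules live on the host.

```pf
# /etc/pf.conf on the host (assumed interface names: em0 external, lo1 jails).
# rc.conf on the host also needs pf_enable="YES" and gateway_enable="YES"
# (the latter turns on IP forwarding so NAT'd jail traffic can leave).
ext_if     = "em0"
jail_if    = "lo1"
jail_net   = "192.168.0.0/24"
mysql_jail = "192.168.0.2"
web_jail   = "192.168.0.3"   # hypothetical public-facing jail

set skip on lo0
set skip on $jail_if         # host <-> jail traffic on the loopback is not filtered

# Outbound: hide the private jail subnet behind the host's external address,
# so a telnet/fetch started inside a jail can reach the network.
nat on $ext_if from $jail_net to any -> ($ext_if)

# Inbound: publish only the services meant to be public. There is
# deliberately no rdr for $mysql_jail port 3306, so it stays reachable
# from the host (and other jails on lo1) only.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_jail port 80

# Default deny on the external interface; log what gets dropped.
block in log on $ext_if
pass out on $ext_if keep state

# Management access to the host itself.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 keep state
# rdr runs before filtering, so the forwarded packets arrive addressed
# to the jail and must be passed to it explicitly.
pass in on $ext_if proto tcp from any to $web_jail port 80 keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; a rule that mentions a port or address not covered by a pass line simply stays blocked.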