Date: Sun, 21 Sep 2003 13:53:16 +0100
From: Mario Freitas <sub_0@netcabo.pt>
To: freebsd-ipfw@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: jails & ipfw + nat
Message-ID: <1064148796.973.50.camel@suzy.unbreakable.homeunix.org>
Hi,

I recently configured a jail on a FreeBSD gateway doing nat for the interface alias (the jail address, say 192.168.J.J). I tried with natd and ipnat too. However there are some problems I still do not understand.

First, when I added "nameserver 192.168.X.X" (the nameserver running outside the jail environment) to the jail, every query to the name server is made via the loopback interface instead of the internal interface, or $intif (where I have 192.168.X.X plus 192.168.J.J). Shouldn't the packet travel (virtually) via the $intif interface (as if the request was coming from any machine on the LAN)? Also, the packets are travelling through the loopback interface, where bind _is not_ listening :) (another weird behaviour?)

Second, I've tried using, unsuccessfully, many ipfw rules so any user inside the jail environment can establish statefully any tcp connection to the internet. What I do not understand is why the request does not (virtually) come through $intif (192.168.J.J). Inside the jail, after executing telnet www.google.com 80, tcpdump -i $intif (outside the jail) shows nothing, but tcpdump -i $extif (also outside) shows packets coming from www.google.com:80 to $extip, both in natd and ipnat cases: ipfw logs the packet being denied tcp from www.google.com:80 to $extip in via $extif (keep-state is not triggered).

Any clarification would be appreciated.

Sincerely,

--
Mário Freitas (sub_0@netcabo.pt)
Núcleo Português de FreeBSD (NPF)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1064148796.973.50.camel>