From: JÁKÓ András
To: David Mehler
Cc: freebsd-jail
Date: Sat, 27 Jun 2020 23:37:30 +0200
Subject: Re: FreeBSD 12.1, vnet jail, and internet access
Organization: Budapest University of Technology and Economics (BME)

> I was under the impression that the two stacks were separate?

They are. But I don't think your ISP knows anything about your private
subnet, so they won't send IP packets with your private destination
address to you. And most probably they won't accept IP packets with your
private source address from you. So you have to translate these private
addresses if you want your ISP (and others) to forward them.

> Should I nat on the bridge or epair?

On the bridge, I guess.

András