Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 14 May 2007 21:09:25 +0200
From:      Juan Sosa <sosa@dambala.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Make a jail visible in different networks
Message-ID:  <4648B3E5.5060707@dambala.net>
In-Reply-To: <6AE855F0-4114-4447-B621-387468BEB366@mac.com>
References:  <46489CC7.9010704@dambala.net> <6AE855F0-4114-4447-B621-387468BEB366@mac.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Chuck Swiger escribió:
> Hi--
>
> On May 14, 2007, at 10:30 AM, Juan Sosa wrote:
>> I have a freebsd server (192.168.1.5) running a NATed jail 
>> (192.168.1.10).
>>
>> I set up mpd4 on this server in order to allow M$ clients access our 
>> 10.5.1.0/24 vpn. Since jails can´t have more than one ip address, is 
>> there a way to make 192.168.1.10 visible to the 10.5.1.0/24 network 
>> without changing the jail ip address?
>>
>> Summarizing, I need to have my jail serving in both LAN and VPN 
>> networks. Any suggestions?
>
> There are a number of approaches: the simplest involve either adding 
> static routes between your 10.5.1/24 subnet and your 192.168.1/24 
> subnet, or setting up additional VPN endpoint on the 192.168.1/24 
> network, or using NAT to map the jail IP onto the 10.5.1/24 netblock.
>
> Without knowing your topology, it's hard to make more specific 
> recommendations.
>
So sorry for my duplicated message.

In my network, 192.168.1.1 xl0 is linked to other remote server through 
tun0 with (routed)openvpn. As I said before, I'm also running mpd4 
listening on ng0, and a jail with samba services on 192.168.1.10 xl0 alias.

Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote server 
(10.5.1.2). The PPTP ng0 interface has 10.5.1.201.

Maybe a ipfw ruleset on 192.168.1.1  could do the trick?



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4648B3E5.5060707>