From: Juan Sosa
To: freebsd-questions@freebsd.org
Date: Mon, 14 May 2007 21:09:25 +0200
Subject: Re: Make a jail visible in different networks
Message-ID: <4648B3E5.5060707@dambala.net>
In-Reply-To: <6AE855F0-4114-4447-B621-387468BEB366@mac.com>
References: <46489CC7.9010704@dambala.net> <6AE855F0-4114-4447-B621-387468BEB366@mac.com>

Chuck Swiger wrote:
> Hi--
>
> On May 14, 2007, at 10:30 AM, Juan Sosa wrote:
>> I have a freebsd server (192.168.1.5) running a NATed jail
>> (192.168.1.10).
>>
>> I set up mpd4 on this server in order to allow M$ clients to access our
>> 10.5.1.0/24 vpn. Since jails can't have more than one ip address, is
>> there a way to make 192.168.1.10 visible to the 10.5.1.0/24 network
>> without changing the jail ip address?
>>
>> Summarizing, I need to have my jail serving in both LAN and VPN
>> networks. Any suggestions?
>
> There are a number of approaches: the simplest involve either adding
> static routes between your 10.5.1/24 subnet and your 192.168.1/24
> subnet, or setting up an additional VPN endpoint on the 192.168.1/24
> network, or using NAT to map the jail IP onto the 10.5.1/24 netblock.
>
> Without knowing your topology, it's hard to make more specific
> recommendations.
>

So sorry for my duplicated message.

In my network, 192.168.1.1 xl0 is linked to another remote server through tun0 with (routed) openvpn. As I said before, I'm also running mpd4 listening on ng0, and a jail with samba services on 192.168.1.10 xl0 alias. The openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201.

Maybe an ipfw ruleset on 192.168.1.1 could do the trick?