From: Chuck Swiger
Date: Mon, 14 May 2007 12:20:41 -0700
To: Juan Sosa
Cc: freebsd-questions@freebsd.org
Subject: Re: Make a jail visible in different networks

On May 14, 2007, at 12:09 PM, Juan Sosa wrote:
>> There are a number of approaches: the simplest involve either
>> adding static routes between your 10.5.1/24 subnet and your
>> 192.168.1/24 subnet, or setting up an additional VPN endpoint on the
>> 192.168.1/24 network, or using NAT to map the jail IP onto the
>> 10.5.1/24 netblock.
>>
>> Without knowing your topology, it's hard to make more specific
>> recommendations.
>>
> So sorry for my duplicated message.

No harm done. It's just that sometimes people get a little
enthusiastic about trying to get quick responses. :-)

> In my network, 192.168.1.1 xl0 is linked to other remote server
> through tun0 with (routed) openvpn. As I said before, I'm also
> running mpd4 listening on ng0, and a jail with samba services on
> 192.168.1.10 xl0 alias.
>
> Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote
> server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201.
>
> Maybe an ipfw ruleset on 192.168.1.1 could do the trick?

You could use ipfw+natd to map between your 192.168 and 10.5
networks, yes.

However, if the only reason you have your 10.5 network around is to
terminate your VPN or PPTP sessions, it sounds like it would be
easier to simply move them to terminating on the 192.168 network
instead. Maybe you've got more going on with the 10.5 network, or
maybe there are other reasons for the split, but you control your
internal address space, so if you want everybody using the VPN to be
able to talk to various 192.168 addresses, it's better to set up the
VPN to go onto that, IMHO...

-- 
-Chuck