Date: Mon, 14 May 2007 21:29:54 +0200 From: Juan Sosa <sosa@dambala.net> To: freebsd-questions@freebsd.org Subject: Re: Make a jail visible in different networks Message-ID: <4648B8B2.4060509@dambala.net> In-Reply-To: <08BFAA76-73AF-4087-9AAB-9ACE0359C4AF@mac.com> References: <46489CC7.9010704@dambala.net> <6AE855F0-4114-4447-B621-387468BEB366@mac.com> <4648B3E5.5060707@dambala.net> <08BFAA76-73AF-4087-9AAB-9ACE0359C4AF@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chuck Swiger escribió: > On May 14, 2007, at 12:09 PM, Juan Sosa wrote: >>> There are a number of approaches: the simplest involve either adding >>> static routes between your 10.5.1/24 subnet and your 192.168.1/24 >>> subnet, or setting up additional VPN endpoint on the 192.168.1/24 >>> network, or using NAT to map the jail IP onto the 10.5.1/24 netblock. >>> >>> Without knowing your topology, it's hard to make more specific >>> recommendations. >>> >> So sorry for my duplicated message. > > No harm done. It's just that sometimes people get a little > enthusiastic about trying to get quick responses. :-) > >> In my network, 192.168.1.1 xl0 is linked to other remote server >> through tun0 with (routed)openvpn. As I said before, I'm also running >> mpd4 listening on ng0, and a jail with samba services on 192.168.1.10 >> xl0 alias. >> >> Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote >> server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201. >> >> Maybe a ipfw ruleset on 192.168.1.1 could do the trick? > > You could use ipfw+natd to map between your 192.168 and 10.5 networks, > yes. However, if the only reason you have your 10.5 network around is > to terminate your VPN or PPTP sessions, it sounds like it would be > easier to simply move them to terminating on the 192.168 network instead. > > Maybe you've got more going on with the 10.5 network, or maybe there > are other reasons for the split, but you control your internal address > space, so if you want everybody using the VPN to be able to talk to > various 192.168 addresses, it's better to set up the VPN to go onto > that, IMHO... > Ok. Thanks a lot.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4648B8B2.4060509>