Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 14 May 2007 21:29:54 +0200
From:      Juan Sosa <>
Subject:   Re: Make a jail visible in different networks
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Chuck Swiger escribió:
> On May 14, 2007, at 12:09 PM, Juan Sosa wrote:
>>> There are a number of approaches: the simplest involve either adding 
>>> static routes between your 10.5.1/24 subnet and your 192.168.1/24 
>>> subnet, or setting up additional VPN endpoint on the 192.168.1/24 
>>> network, or using NAT to map the jail IP onto the 10.5.1/24 netblock.
>>> Without knowing your topology, it's hard to make more specific 
>>> recommendations.
>> So sorry for my duplicated message.
> No harm done.  It's just that sometimes people get a little 
> enthusiastic about trying to get quick responses.  :-)
>> In my network, xl0 is linked to other remote server 
>> through tun0 with (routed)openvpn. As I said before, I'm also running 
>> mpd4 listening on ng0, and a jail with samba services on 
>> xl0 alias.
>> Openvpn link is formed by ( and the remote 
>> server ( The PPTP ng0 interface has
>> Maybe a ipfw ruleset on  could do the trick?
> You could use ipfw+natd to map between your 192.168 and 10.5 networks, 
> yes.  However, if the only reason you have your 10.5 network around is 
> to terminate your VPN or PPTP sessions, it sounds like it would be 
> easier to simply move them to terminating on the 192.168 network instead.
> Maybe you've got more going on with the 10.5 network, or maybe there 
> are other reasons for the split, but you control your internal address 
> space, so if you want everybody using the VPN to be able to talk to 
> various 192.168 addresses, it's better to set up the VPN to go onto 
> that, IMHO...
Ok. Thanks a lot.

Want to link to this message? Use this URL: <>