From owner-freebsd-questions@FreeBSD.ORG Mon May 14 19:30:03 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8BE3D16A404 for ; Mon, 14 May 2007 19:30:03 +0000 (UTC) (envelope-from sosa@dambala.net) Received: from mail.dambala.net (19.Red-80-32-97.staticIP.rima-tde.net [80.32.97.19]) by mx1.freebsd.org (Postfix) with ESMTP id 26A5B13C45D for ; Mon, 14 May 2007 19:30:03 +0000 (UTC) (envelope-from sosa@dambala.net) Received: from amavis.dmb.corp (mail [192.168.1.105]) by mail.dambala.net (Postfix) with ESMTP id 14F111293433 for ; Mon, 14 May 2007 21:07:46 +0200 (CEST) X-Virus-Scanned: amavisd-new at dmb.corp Received: from mail.dambala.net ([192.168.1.105]) by amavis.dmb.corp (amavis.dmb.corp [192.168.1.105]) (amavisd-new, port 10024) with LMTP id b5HrxzpnHdDC for ; Mon, 14 May 2007 21:06:43 +0200 (CEST) Received: from [192.168.1.82] (satelite.dmb.corp [192.168.1.82]) by mail.dambala.net (Postfix) with ESMTP id D05121293431 for ; Mon, 14 May 2007 21:06:40 +0200 (CEST) Message-ID: <4648B8B2.4060509@dambala.net> Date: Mon, 14 May 2007 21:29:54 +0200 From: Juan Sosa User-Agent: Thunderbird 2.0.0.0 (Windows/20070326) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <46489CC7.9010704@dambala.net> <6AE855F0-4114-4447-B621-387468BEB366@mac.com> <4648B3E5.5060707@dambala.net> <08BFAA76-73AF-4087-9AAB-9ACE0359C4AF@mac.com> In-Reply-To: <08BFAA76-73AF-4087-9AAB-9ACE0359C4AF@mac.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: Make a jail visible in different networks X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2007 19:30:03 -0000 Chuck Swiger escribió: > On May 14, 2007, at 12:09 PM, Juan Sosa wrote: >>> There are a number of approaches: the simplest involve either adding >>> static routes between your 10.5.1/24 subnet and your 192.168.1/24 >>> subnet, or setting up additional VPN endpoint on the 192.168.1/24 >>> network, or using NAT to map the jail IP onto the 10.5.1/24 netblock. >>> >>> Without knowing your topology, it's hard to make more specific >>> recommendations. >>> >> So sorry for my duplicated message. > > No harm done. It's just that sometimes people get a little > enthusiastic about trying to get quick responses. :-) > >> In my network, 192.168.1.1 xl0 is linked to other remote server >> through tun0 with (routed)openvpn. As I said before, I'm also running >> mpd4 listening on ng0, and a jail with samba services on 192.168.1.10 >> xl0 alias. >> >> Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote >> server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201. >> >> Maybe a ipfw ruleset on 192.168.1.1 could do the trick? > > You could use ipfw+natd to map between your 192.168 and 10.5 networks, > yes. However, if the only reason you have your 10.5 network around is > to terminate your VPN or PPTP sessions, it sounds like it would be > easier to simply move them to terminating on the 192.168 network instead. > > Maybe you've got more going on with the 10.5 network, or maybe there > are other reasons for the split, but you control your internal address > space, so if you want everybody using the VPN to be able to talk to > various 192.168 addresses, it's better to set up the VPN to go onto > that, IMHO... > Ok. Thanks a lot.