From owner-freebsd-questions@FreeBSD.ORG Wed Aug 11 02:59:52 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 660EB1065673 for ; Wed, 11 Aug 2010 02:59:52 +0000 (UTC) (envelope-from merlyn@stonehenge.com) Received: from red.stonehenge.com (red.stonehenge.com [IPv6:2607:f2f8:3080::]) by mx1.freebsd.org (Postfix) with ESMTP id 4F58C8FC08 for ; Wed, 11 Aug 2010 02:59:52 +0000 (UTC) Received: by red.stonehenge.com (Postfix, from userid 1001) id 2BDA8430F5; Tue, 10 Aug 2010 19:59:40 -0700 (PDT) From: merlyn@stonehenge.com (Randal L. Schwartz) To: Fbsd8 References: <268321.67123.qm@web24608.mail.ird.yahoo.com> <4C61E8B1.7050605@a1poweruser.com> <86mxsuynm0.fsf@red.stonehenge.com> <4C620356.6070402@a1poweruser.com> <86fwylzyqd.fsf@red.stonehenge.com> <4C620FF5.1020900@a1poweruser.com> x-mayan-date: Long count = 12.19.17.10.16; tzolkin = 11 Cib; haab = 9 Yaxkin Date: Tue, 10 Aug 2010 19:59:39 -0700 In-Reply-To: <4C620FF5.1020900@a1poweruser.com> (fbsd8@a1poweruser.com's message of "Wed, 11 Aug 2010 10:50:29 +0800") Message-ID: <868w4dzwf8.fsf@red.stonehenge.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-questions@freebsd.org Subject: Re: How to connect a jail to the web ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Aug 2010 02:59:52 -0000 >>>>> "Fbsd8" == Fbsd8 writes: Fbsd8> No. Your jail is assigned it's ip address when you create it. The Fbsd8> alias gives the jail network access when you start the jail. Both Fbsd8> ip address must match. Yup, and if that's a 10.x address, I'm not on the net. So I have to route to it somehow. Fbsd8> Just assign the jail your public ip address when you create it. I was under the impression that the address had to be distinct, in order to uniquely identify it. Are you saying that's not the case? If so, the docs on jails are unclear. Fbsd8> "face the public" is a very large subject, which the answer depends on your Fbsd8> hardware configuration, registered domain names and static ip Fbsd8> addresses. Yes, I'm hoping not to burn a second or third public address for my jail. Instead, I just want my jail to have a punch through (port 80, port 25, etc) from my one public address. Is there a trick to this without burning another public address? Or do I misunderstand (based on poor docs) how a jail attaches itself to an interface? Fbsd8> Using jails requires the host system administrator to be well Fbsd8> trained in networks and how public and private networks Fbsd8> function. Jail documentation is not going to teach you this. Now you're just being condescending. It's fairly likely, almost certain, that I've been dealing with IP traffic since before you could type. What I'm asking for is the specifics of Jails. I *know* how IP traffic works, and even what alias does. What I don't know is FreeBSD's particulars that make this either hard or easy. I *do* know about pf, having administered an OpenBSD box for a number of years. I'm just new to jails, and since you're the "expert", you might have a little patience on that realm, please. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion