Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Apr 2012 14:53:49 -0600
From:      "Chad Leigh Shire.Net LLC" <chad@shire.net>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
Message-ID:  <FEED68A4-0C10-4057-B37B-EEA780977F25@shire.net>
In-Reply-To: <op.wcpyqodb34t2sn@tech304>
References:  <BCF3FB8D-7FF0-4CB4-8491-6472EDED96B2@shire.net> <op.wcpyqodb34t2sn@tech304>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

On Apr 13, 2012, at 1:50 PM, Mark Felder wrote:

> Do I understand this right?
>=20
>=20
> Working in FreeBSD 6.x:
>=20
> interface em0: 1.2.3.4/24  <-- public IP, host only
>           192.168.1.1/24  <-- private IP, host only
>           192.168.1.2/24  <-- Jail #1
>           192.168.1.3/24  <-- Jail #2
>=20
>=20
> With this configuration you had no problems accessing the internet =
from the jails.

correct.

(not that it did not matter I don't think is the private IP, host only =
exists and ALL IP exist on the host in addition to whatever Jail they =
are assigned to)

>=20
> Is this correct? This seems bizarre; this should only be possible if =
you're doing NAT somewhere in there and that is not possible with Jails =
v1 (which share a network stack) and is only possible in Jails v2 =
(vnet).


No NAT needed since they share the network stack under Jails v1 they =
share the routing tables.  It works.  Try it.

The question is, is it possible to do something similar with FreeBSD 9 =
jails (v2 I guess) without the overhead of running NAT?   The jail with =
the private IP *can* access the HOST's public services but not anyone =
else's

Chad




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?FEED68A4-0C10-4057-B37B-EEA780977F25>