Date:      Fri, 13 Apr 2012 17:58:42 -0500
From:      Mark Felder <>
Subject:   Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing
Message-ID:  <op.wcp7f4kr34t2sn@cr48.lan>
In-Reply-To: <>
References:  <> <op.wcpyqodb34t2sn@tech304> <>

On Fri, 13 Apr 2012 15:53:49 -0500, Chad Leigh Shire.Net LLC  
<> wrote:

> No NAT needed since they share the network stack under Jails v1 they  
> share the routing tables.  It works.  Try it.

You're clearly exploiting a bug in FreeBSD 6's jails. It must get confused  
and send your public IP on those packets. I have no idea how it processes  
the return traffic successfully, but "that's a neat trick!". There is no  
possible way for this to work without NAT or whatever bug this is. If a  
Jail has a 192.168 IP all packets would leave with a source of 192.168.  
When Google or whoever on the internet gets your packets it would see  
192.168 and probably drop it because that's not a publicly routable  

Without NAT it's impossible for any device anywhere on the planet to  
access the internet with an RFC 1918 IP address.

I urge you to share your experience on the freebsd-jail@ mailing list.  
Those guys might be able to lend some further insight. I bet the change  
came with the update to jails that allows multiple IPs.
