From: Mark Felder
To: freebsd-questions@freebsd.org
Date: Fri, 13 Apr 2012 17:58:42 -0500
Subject: Re: Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing

On Fri, 13 Apr 2012 15:53:49 -0500, Chad Leigh Shire.Net LLC wrote:

> No NAT needed since they share the network stack under Jails v1 they
> share the routing tables. It works. Try it.

You're clearly exploiting a bug in FreeBSD 6's jails. It must get confused and send your public IP on those packets. I have no idea how it processes the return traffic successfully, but "that's a neat trick!".

There is no possible way for this to work without NAT or whatever bug this is. If a Jail has a 192.168 IP, all packets would leave with a source of 192.168. When Google or whoever on the internet gets your packets it would see 192.168 and probably drop it because that's not a publicly routable network. Without NAT it's impossible for any device anywhere on the planet to access the internet with an RFC 1918 IP address.

I urge you to share your experience on the freebsd-jail@ mailing list. Those guys might be able to lend some further insight. I bet the change came with the update to jails that allows multiple IPs.