Date: Thu, 6 Feb 2014 09:34:50 -0500
From: Tyler Saylor <tyler@680x0.com>
To: freebsd-questions@freebsd.org
Subject: pf and jails
Message-ID: <CAEZtMDYgTned8uN0pJ1DstuHjOiNF3pu0cwZNwfjnL570tFxvQ@mail.gmail.com>
Hello,

I'm running FreeBSD 10-RELEASE on i386. I have set up a few jails for services such as httpd and postfix using ezjail. The host has one physical ethernet interface and I have five routable IPv4 addresses; of the five, four are assigned to a jail and one is assigned to the host. I have a jail for mysql that is set up to use a clone of lo and the address "10.1.1.1". I'm also using pf to filter traffic to each service on the host.

My question is this: How do I make it so that the other jails that are bound to routable addresses are able to interact with the jail on 10.1.1.1? Is there some magic pf voodoo I'm not understanding, or some mental deficiency I'm just now being made aware of?

I've included my pf.conf and included an illustration.

Thanks for any help,

//Tyler Saylor

For illustration: Each pipe represents a real, routable IPv4 address assigned to the respective jail. The star represents the private address of the jail I'd like to be accessible from the others.

    em0--|--|--|--|--|   lo1--*
         h  w  i  m  s        m
         o  w  r  a  v        y
         s  w  c  i  n        s
         t        l           q
                              l

pf.conf: http://pastebin.ca/2630464