No subject

masta masta at wifibsd.org
Sun Sep 21 14:08:36 PDT 2003


Mario Freitas wrote:

> Hi,
> I recently configured a jail on a FreeBSD gateway doing NAT for the
> interface alias (the jail address, say 192.168.J.J). I tried with natd
> and ipnat too.
> However there are some problems I still do not understand. First,
> when I added "nameserver 192.168.X.X" (the nameserver running outside
> the jail environment) to the jail, every query to the name server is
> made via the loopback interface instead of the internal interface, or
> $intif (where I have 192.168.X.X plus 192.168.J.J). Shouldn't the packet
> travel (virtually) via the $intif interface (as if the request was coming
> from any machine on the LAN)? Also, the packets are travelling through
> the loopback interface, where bind _is not_ listening :) (another weird
> behaviour?)

This is normal. Jails use the loopback interface. You should alter your
configuration accordingly.

> Second, I've tried using, unsuccessfully, many ipfw rules so any user
> inside the jail environment can establish statefully any TCP connection
> to the internet. What I do not understand is why the request does not
> (virtually) come through $intif (192.168.J.J).

Because the jail(8) uses the loopback interface.
[snip]

I seem to recall some old discussion about the roadmap for jail(8), and
somebody mentioned the consideration of a set of patches to virtualize the
entire FreeBSD network stack to facilitate the type of feature you thought
jails have, but don't.


 __  __           _
|  \/  | __ _ ___| |_ __ _
| |\/| |/ _` / __| __/ _` |
| |  | | (_| \__ \ || (_| |
|_|  |_|\__,_|___/\__\__,_|

masta at wifibsd.org
http://wifibsd.org





More information about the freebsd-hackers mailing list