No subject
masta
masta at wifibsd.org
Sun Sep 21 14:08:36 PDT 2003
Mario Freitas wrote:
> Hi,
> I recently configured a jail on a FreeBSD gateway doing nat for the
> interface alias (the jail address, say 192.168.J.J). I tried with natd
> and ipnat too.
> However there are some problems I still do not understand. First
> when I added "nameserver 192.168.X.X" (the nameserver running outside
> the jail environment) to the jail, every query to the name server is
> made via the loopback interface instead of the internal interface, or
> $intif (where I have 192.168.X.X plus 192.168.J.J). Shouldn't the packet
> travel (virtually) via the $intif interface (as if the request was coming
> from any machine on the LAN)? Also, the packets are travelling through
> the loopback interface, where bind _is not_ listening :) (another weird
> behaviour?)
This is normal. Jails use the loopback interface. You should alter your
configuration accordingly.
> Second, I've tried using, unsuccessfully, many ipfw rules so any user
> inside the jail environment can establish statefully any tcp connection
> to the internet. What I do not understand is why the request does not
> (virtually) come through $intif (192.168.J.J).
Because the jail(8) uses the loopback interface.
[snip]
I seem to recall some old discussion about the roadmap for jail(8), and
somebody mentioned the consideration of a set of patches to virtualize the
entire FreeBSD network stack to facilitate the type of feature you thought
jails have, but don't.
__ __ _
| \/ | __ _ ___| |_ __ _
| |\/| |/ _` / __| __/ _` |
| | | | (_| \__ \ || (_| |
|_| |_|\__,_|___/\__\__,_|
masta at wifibsd.org
http://wifibsd.org