please help with NATing my jails

Steve Bertrand steve at ipv6canada.com
Mon Jul 12 12:47:37 UTC 2010


On 2010.07.12 06:11, Michael wrote:
> Hello.
> 
> Does anybody have a working configuration with ipfw nated jails on
> loopback interface?
> It simply doesn't work on my system. I cannot get any connections to
> outside world from within a jail.
> 
> FreeBSD 8.0-p3 amd64 laptop connected to internet via wlan0 (ath0) with
> 192.168.1.111 address obtained with DHCP.
> Jail with IP 127.127.127.1 aliased on lo0.
> 
> Host system configuration:
> /etc/rc.conf
>    ifconfig_wlan0="WPA DHCP"
>    ifconfig_lo0_alias0="inet 127.127.127.1 netmask 255.255.255.255"
>    gateway_enable="YES"
>    firewall_enable="YES"
>    firewall_script="/etc/ipfw.rules"
>    firewall_nat_enable="YES"
>    firewall_nat_interface="wlan0"
> /etc/resolve.conf
>    nameserver 208.67.222.222
>    nameserver 208.67.220.220
> /etc/ipfw.conf
>    ipfw -q -f flush
>    ipfw add 10 allow all from 127.0.0.1 to 127.0.0.1 via lo0
>    ipfw add 20 check-state
>    ipfw add 30 nat 100 ip from 127.127.127.1 to any via wlan0 keep-state

...do you need a second nat rule for the inbound traffic, or does nat
handle that by itself? If you run tcpdump on the wlan interface, do you
see the inbound traffic that relates to your request?

Steve


More information about the freebsd-ipfw mailing list