Setup of jail bound to lo0

Sławek Żak slawek.zak at gmail.com
Tue Mar 15 15:28:02 PST 2005


Hi,

I need to have some jails configured, sharing single IP address (IPv6
is a no-no for the time being:). Therefore I came up with an idea of
binding them all to lo0 and assigning subsequent IP aliases as the
addresses. The requirement for the jails is to let them receive
(the easy part) and *send* packets to the outside.

The jails cannot directly access the Internet as they cannot bind to
the external IP address of course. Some translation needs to be made,
I think. After wrestling with ipfw/ipf/pf for a couple of hours I
don't have a working solution.

My last attempt to get outside from the jail with ipfw was:

# ipfw add 200 divert natd log tcp from 127.0.0.2 to 127.0.0.2 222 in via lo0

and for natd:

redirect_port tcp 192.168.153.2:22 127.0.0.2:222

I get this log from natd:

In  {default} 0000ffff[TCP]  [TCP] 127.0.0.2:53057 -> 127.0.0.2:301 aliased to
          [TCP] 127.0.0.2:53057 -> 192.168.153.2:22

Which obviously doesn't work. I've tried to add alias IP, but then it
stops the natd `rule' matching.

Net Gods, help me please, /S
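An added diagnostic, not part of the post and not a FreeBSD tool: it parses natd "aliased to" log records in the format quoted above and flags a translated packet whose source address is still loopback (which the remote host could never reply to); the sample record is constructed to match the quoted format.

```python
import ipaddress
import re

# Constructed sample in the same shape as the natd log quoted in the post:
# the translated tuple follows "aliased to" on a continuation line.
SAMPLE_LOG = """\
In  {default} 0000ffff[TCP]  [TCP] 127.0.0.2:53057 -> 127.0.0.2:301 aliased to
          [TCP] 127.0.0.2:53057 -> 192.168.153.2:22
"""

HEAD_RE = re.compile(r"^(?P<dir>In|Out)\s+\{(?P<rule>[^}]*)\}")
FLOW_RE = re.compile(
    r"\[(\w+)\]\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)


def parse_natd_log(text):
    """Return one record per 'aliased to' event: direction, natd rule name,
    protocol, and the 4-tuple before ('pre') and after ('post') translation."""
    records, buf = [], ""
    for line in text.splitlines():
        # A record starts with the direction; an indented line continues the previous one.
        buf = line if HEAD_RE.match(line) else buf + " " + line.strip()
        flows = FLOW_RE.findall(buf)
        if len(flows) == 2:
            head = HEAD_RE.match(buf)
            (proto, s1, sp1, d1, dp1), (_, s2, sp2, d2, dp2) = flows
            records.append({
                "dir": head.group("dir"), "rule": head.group("rule"), "proto": proto,
                "pre": {"src": s1, "sport": int(sp1), "dst": d1, "dport": int(dp1)},
                "post": {"src": s2, "sport": int(sp2), "dst": d2, "dport": int(dp2)},
            })
            buf = ""
    return records


def diagnose(record):
    """Flag translations that cannot produce a routable two-way flow."""
    findings = []
    post = record["post"]
    src, dst = ipaddress.ip_address(post["src"]), ipaddress.ip_address(post["dst"])
    if src.is_loopback and not dst.is_loopback:
        findings.append("source left as loopback: the peer cannot address a reply to it")
    if record["pre"] == post:
        findings.append("no field changed: the packet did not match any alias rule")
    return findings
```

Feed it the output of `natd -log` (or the relevant syslog lines) to see, per record, what natd actually rewrote.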
