Problem: NATing jails with private IP addresses.

Kevin Smith repcsike at gmail.com
Tue Jun 2 15:13:32 UTC 2009


Hi guys,

Please help if you can, I have a problem, and I can't get my config to work.

I have one public ip address, and several jails with private ip addresses in
the 172.20.0.0/24 area.

I don't know how to make this work, maybe somewhere I blocked the traffic,
but DNS requests are coming through, I can open (redirected) HTTP on the jail
itself from the internet, but I can't connect to any host on the
internet from the jails; the main problem comes with installing from ports
and downloading the distfiles.

My system is 7.1-RELEASE with the pf, pflog and pfsync devices, and the
ALTQ, ALTQ_CBQ, ALTQ_RED, ALTQ_RIO, ALTQ_HFSC, ALTQ_PRIQ and ALTQ_NOPCC options
compiled into the kernel!

Is this possible, or should I pop in another card and bind the jails to that
card?


The corresponding config is here (really partial):

tcp_services = "{ ssh, smtp, domain, www, pop3, auth, https, pop3s, ftp, ftp-data }"
ext_if = "bge0"
jails = "172.20.0.0/24"

nat on $ext_if proto { tcp, udp, icmp } from $jails to any -> ($ext_if)
rdr pass on $ext_if inet proto tcp from any to $ext_if port http -> 172.20.0.100

pass out proto tcp to any port $tcp_services keep state
pass out proto tcp from any to any keep state


Thanks in advance, Best Regards,

Kevin
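A complete pf.conf for the setup described above (one public address on bge0, jails in 172.20.0.0/24, HTTP redirected to 172.20.0.100), added here as a worked example. It is not the original poster's configuration and not taken from the thread; the interface names, the lo1 jail interface, the www_jail macro and the logging choices are assumptions for illustration. It uses the pre-9.x pf.conf layout the poster's 7.1-RELEASE system expects, where translation rules (nat, rdr) must come before filter rules.

```pf
# /etc/pf.conf -- added example, not the original poster's config.
# Assumptions (not from the post): the public interface is bge0, the jail
# addresses in 172.20.0.0/24 are configured on the host (here as aliases on
# a cloned lo1, so the jails are local addresses of the host), and
# 172.20.0.100 is the jail that serves HTTP.  ALTQ queueing is not shown.

ext_if       = "bge0"
jail_if      = "lo1"
jails        = "172.20.0.0/24"
www_jail     = "172.20.0.100"
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, https, pop3s }"

set skip on lo0
set skip on $jail_if
scrub in all

# --- Translation rules (must precede the filter rules on pf from 7.x) ---
# Everything the jails send towards the internet leaves with the public
# address as source; (ext_if) follows the interface address if it changes.
nat on $ext_if from $jails to any -> ($ext_if)

# Inbound HTTP to the public address is handed to the web jail.
# "rdr pass" creates the state entry itself, so no separate pass in is
# needed for the redirected connections.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port http -> $www_jail

# --- Filter rules ---
# Default deny inbound on the public interface; log the drops to pflog0
# so they can be seen with tcpdump -n -e -ttt -i pflog0.
block in log on $ext_if

# Services the host itself exposes on the public address.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state

# Anything the host or a jail originates may leave.  Filter rules see the
# packet after NAT, so "from any" covers the translated jail traffic; the
# state entry also lets the replies back in.  UDP and ICMP are included
# so DNS lookups and path-MTU/ping from the jails work, not only TCP.
pass out on $ext_if inet proto { tcp, udp, icmp } from any to any keep state
```

Check the file with pfctl -nf /etc/pf.conf before loading it, then watch pfctl -ss while a jail fetches a distfile: a NAT state such as "172.20.0.100:xxxxx -> <public address>:yyyyy -> remote:80" should appear, and nothing from the jail should show up on pflog0. Two caveats when fetching distfiles: active-mode FTP needs ftp-proxy(8) to work through NAT, so make sure the fetch runs in passive mode (FTP_PASSIVE_MODE=YES in the jail's environment), and if the jail addresses are not local to the host but routed, net.inet.ip.forwarding=1 is also required.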

