Problem: nating jails with private ip addresses.
Kevin Smith
repcsike at gmail.com
Tue Jun 2 15:13:32 UTC 2009
Hi guys,
Please help if you can, I have a problem, and I can't get my config to work.
I have one public ip address, and several jails with private ip addresses in
the 172.20.0.0/24 area.
I don't know how to make this work, maybe somewhere I blocked the traffic,
but dns request are coming through, I can open (redirected)http on the jail
itself inside from the internet, but i can't connect to any host on the
internet from the jails, the main problem comes with installing from ports
and downloading the distfiles.
My System is 7.1-RELEASE.with pf,pflog,pfsync devices, and
ALTQ,ALTQ_CBQ,ALTQ_RED,ALTQ_RIO,ALTQ_HFSC,ALTQ_PRIQ,ALTQ_NOPCC options
compiled in the kernel!
Is this possible, or should I pop in another card and bind the jails to that
card?
The corresponding config is here(really partial):
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, https, pop3s, ftp,
ftp-data }"
ext_if = "bge0"
jails = "172.20.0.0/24"
nat on $ext_if proto { tcp, udp, icmp } from $jails to any -> ($ext_if)
rdr pass on $ext_if inet proto tcp from any to $ext_if port http ->
172.20.0.100
pass out proto tcp to any port $tcp_services keep state
pass out proto tcp from any to any keep state
Thanks in advance, Best Regards,
Kevin
More information about the freebsd-pf
mailing list