Make a jail visible in different networks
Juan Sosa
sosa at dambala.net
Mon May 14 19:09:08 UTC 2007
Chuck Swiger escribió:
> Hi--
>
> On May 14, 2007, at 10:30 AM, Juan Sosa wrote:
>> I have a freebsd server (192.168.1.5) running a NATed jail
>> (192.168.1.10).
>>
>> I set up mpd4 on this server in order to allow M$ clients access our
>> 10.5.1.0/24 vpn. Since jails can´t have more than one ip address, is
>> there a way to make 192.168.1.10 visible to the 10.5.1.0/24 network
>> without changing the jail ip address?
>>
>> Summarizing, I need to have my jail serving in both LAN and VPN
>> networks. Any suggestions?
>
> There are a number of approaches: the simplest involve either adding
> static routes between your 10.5.1/24 subnet and your 192.168.1/24
> subnet, or setting up additional VPN endpoint on the 192.168.1/24
> network, or using NAT to map the jail IP onto the 10.5.1/24 netblock.
>
> Without knowing your topology, it's hard to make more specific
> recommendations.
>
So sorry for my duplicated message.
In my network, 192.168.1.1 xl0 is linked to other remote server through
tun0 with (routed)openvpn. As I said before, I'm also running mpd4
listening on ng0, and a jail with samba services on 192.168.1.10 xl0 alias.
Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote server
(10.5.1.2). The PPTP ng0 interface has 10.5.1.201.
Maybe a ipfw ruleset on 192.168.1.1 could do the trick?
More information about the freebsd-questions
mailing list