Make a jail visible in different networks

Juan Sosa sosa at dambala.net
Mon May 14 19:30:03 UTC 2007


Chuck Swiger wrote:
> On May 14, 2007, at 12:09 PM, Juan Sosa wrote:
>>> There are a number of approaches: the simplest involve either adding 
>>> static routes between your 10.5.1/24 subnet and your 192.168.1/24 
>>> subnet, or setting up additional VPN endpoint on the 192.168.1/24 
>>> network, or using NAT to map the jail IP onto the 10.5.1/24 netblock.
>>>
>>> Without knowing your topology, it's hard to make more specific 
>>> recommendations.
>>>
>> So sorry for my duplicated message.
>
> No harm done.  It's just that sometimes people get a little 
> enthusiastic about trying to get quick responses.  :-)
>
>> In my network, 192.168.1.1 xl0 is linked to another remote server
>> through tun0 with (routed) openvpn. As I said before, I'm also running
>> mpd4 listening on ng0, and a jail with samba services on 192.168.1.10
>> xl0 alias.
>>
>> Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote 
>> server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201.
>>
>> Maybe an ipfw ruleset on 192.168.1.1 could do the trick?
>
> You could use ipfw+natd to map between your 192.168 and 10.5 networks, 
> yes.  However, if the only reason you have your 10.5 network around is 
> to terminate your VPN or PPTP sessions, it sounds like it would be 
> easier to simply move them to terminating on the 192.168 network instead.
>
> Maybe you've got more going on with the 10.5 network, or maybe there 
> are other reasons for the split, but you control your internal address 
> space, so if you want everybody using the VPN to be able to talk to 
> various 192.168 addresses, it's better to set up the VPN to go onto 
> that, IMHO...
>
Ok. Thanks a lot.


More information about the freebsd-questions mailing list