Can't reach Jailed services from internet.

JÁKÓ András jako.andras at eik.bme.hu
Tue May 28 08:07:29 UTC 2013


>  > > Any reason you are running your webjail on the broadcast IP for the 
>  > > subnet? IP range for your 0xfffffffc net would be (.77|.78).
>  > 
>  > Hi,
>  > 
>  > Thanks, however that's the info I got from the people providing the machine:
> 
> That's a worry .. you won't do any good trying to use the broadcast 
> address.  Mats is right, you only get 2 usable addresses with a /30.

Assigning a /30 for four jails is perfectly valid, if it's an aggregate
of four /32s. I would configure a static route on the default gateway
for 174.x.x.76/30 -> 67.x.x.x, then on the host I'd assign the four /32s
to lo1..lo4. Packets arrive at the jails because of the /30 static route
in the neighbouring router, packets leave the jail because of the host's
already existing default route, and of course traffic between the jails
and the host is OK because the kernel knows its own interfaces.
(Actually that's how I run my FreeBSD jails.)

>  > The hosts rc.conf:
>  > 
>  > ipv4_addrs_em0="67.x.x.x/27 174.x.x.76-79/30"

Regards,
András
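
The address arithmetic behind both positions in this thread, as an added example that is not part of the original message. The addresses are constructed placeholders from the documentation ranges (192.0.2.76/30 for the redacted jail block, 198.51.100.10 for the redacted host address), and the generated rc.conf lines assume cloned loopbacks named lo1..lo4.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges); the thread's real
# addresses are redacted as 174.x.x.76/30 and 67.x.x.x.
JAIL_BLOCK = ipaddress.ip_network("192.0.2.76/30")
HOST_ADDR = ipaddress.ip_address("198.51.100.10")


def onlink_view(block):
    """Block configured as a subnet on a broadcast interface (the em0 setup)."""
    return {
        "network": block.network_address,
        "usable": list(block.hosts()),      # excludes network and broadcast
        "broadcast": block.broadcast_address,
    }


def plan(jail_addrs, routed_block, next_hop, first_lo=1):
    """Return (gateway route, host rc.conf lines) for the routed /32 layout.

    Each jail address becomes a /32 on its own loopback; the single static
    route on the neighbouring router must cover exactly those /32s.
    """
    hosts = [ipaddress.ip_network(f"{addr}/32") for addr in jail_addrs]
    if list(ipaddress.collapse_addresses(hosts)) != [routed_block]:
        raise ValueError(f"jail /32s do not aggregate to {routed_block}")
    names = [f"lo{first_lo + i}" for i in range(len(hosts))]
    lines = ['cloned_interfaces="%s"' % " ".join(names)]
    lines += [f'ifconfig_{n}="inet {h}"' for n, h in zip(names, hosts)]
    return f"{routed_block} -> {next_hop}", lines


if __name__ == "__main__":
    view = onlink_view(JAIL_BLOCK)
    print("on-link /30, usable:", [str(a) for a in view["usable"]])
    print("on-link /30, broadcast:", view["broadcast"])
    # Routed layout: all four addresses of the block are assignable.
    route, rc_lines = plan(list(JAIL_BLOCK), JAIL_BLOCK, HOST_ADDR)
    print("static route on the gateway:", route)
    print("\n".join(rc_lines))
```
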

