[Jail] Setting default route in Jail?

Chad Leigh -- Shire.Net LLC chad at shire.net
Thu Jul 21 15:19:37 GMT 2005


On Jul 21, 2005, at 9:02 AM, jaco at coocoo.za.net wrote:

> Hello All,
>
> My setup looks like this:
> The FreeBSD machine has a public range IP address, and I set up a couple
> of jails with private range IP addresses (192.168.x.x) on the same box.
>
> The private range IP addresses are set up as aliases, using the procedure
> as described in the jail(8) man page.
>
> All works fine, except for the fact that from within the jails I do not
> have internet connectivity as the default route is the same as my jail
> host's default route. For this to work I would have to be able to set my
> default route in the jail environment to the IP address of my jail host
> and enable the jail host as a gateway.
>
> The problem is that you are not allowed to set the default route inside of
> the jail, and currently this default route is the default route of the
> jail host.
>
> I am sure other people must have had this problem before and found a
> solution. :)
>
> Anybody know any workarounds? Or maybe a better way to set this up?

Hi

I got it working though I don't remember exactly how.  I set my host
as a gateway and maybe played around with some ipfw rules.  I did do
some ipfw rules and set up natd but I don't remember exactly what it
was I was doing with them (meaning why) as I had some other needs as
well...

The x'd out addresses are the public netblock we have.  I am not an
ipfw expert and came up with these through trial and error and
reading web pages in the middle of the night.

waymoot# more rc.firewall
#!/bin/sh
#
/sbin/ipfw -f flush
/sbin/ipfw add pass all from x.x.x.0/24 to me
/sbin/ipfw add pass all from me to x.x.x.0/24 via bge0
/sbin/ipfw add pass all from 192.168.2.0/24 to me
/sbin/ipfw add pass all from 192.168.1.0/24 to me
/sbin/ipfw add pass all from me to 192.168.2.0/24 via bge1
/sbin/ipfw add pass all from me to 192.168.1.0/24 via bge0
/sbin/ipfw add divert natd all from any to any via bge0
/sbin/ipfw add pass all from any to any
waymoot#

best
Chad


>
> Thank you in advance!
> ---Jaco

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net
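
The approach the reply describes (natd plus ipfw on the jail host), as an added example that is not part of either poster's message: a sh function that prints a ruleset which NATs through the public interface, keeps state for the jail networks and the host, and drops anything else arriving there. The rule numbers, the SSH and ICMP rules, and natd running on the default "natd" divert port are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's rc.firewall. Prints an ipfw ruleset for
# review instead of applying it.
# Assumptions: natd is running on the public interface with the default
# "natd" divert port; rule numbers and the SSH/ICMP rules are illustrative.

jail_nat_rules() {
    oif=$1                                   # public interface, e.g. bge0
    [ $# -ge 2 ] || { echo "usage: jail_nat_rules IFACE NET..." >&2; return 1; }
    shift
    # The arguments end up in commands run as root, so accept only a plain
    # interface name and RFC 1918 networks in a.b.c.d/len form.
    case $oif in ''|*[!a-z0-9]*) echo "bad interface name" >&2; return 1 ;; esac
    re='^(10\.[0-9]{1,3}|192\.168|172\.(1[6-9]|2[0-9]|3[01]))(\.[0-9]{1,3}){2}/[0-9]{1,2}$'
    for net in "$@"; do
        case $net in *[!0-9./]*) net=invalid ;; esac   # also rejects newlines
        printf '%s\n' "$net" | grep -Eq "$re" ||
            { echo "jail networks must be RFC 1918 a.b.c.d/len" >&2; return 1; }
    done

    ipfw="/sbin/ipfw -q"
    echo "$ipfw -f flush"
    echo "$ipfw add 100 allow ip from any to any via lo0"
    # Inbound packets pass through natd first, so the state lookup that
    # follows sees the jail's private address again.
    echo "$ipfw add 200 divert natd ip from any to me in via $oif"
    echo "$ipfw add 210 check-state"
    n=300
    for net in "$@"; do
        # Jail traffic: record state, then jump to the outbound divert rule.
        echo "$ipfw add $n skipto 1000 ip from $net to any out via $oif keep-state"
        n=$((n + 1))
    done
    # The host's own traffic already carries its public address.
    echo "$ipfw add 400 allow ip from me to any out via $oif keep-state"
    echo "$ipfw add 410 allow tcp from any to me 22 in via $oif setup keep-state"
    echo "$ipfw add 420 allow icmp from any to me in via $oif icmptypes 3,11"
    # Anything else on the public interface is dropped.
    echo "$ipfw add 900 deny ip from any to any via $oif"
    echo "$ipfw add 1000 divert natd ip from any to any out via $oif"
    echo "$ipfw add 1010 allow ip from any to any"
}

# Interface and jail networks as given in the post.
jail_nat_rules bge0 192.168.1.0/24 192.168.2.0/24
```

Redirect the output to a file and read it before installing it; with this ruleset only SSH is reachable from outside, so services hosted in the jails need their own inbound rules.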



