[Jail] Setting default route in Jail?

Jaco van Tonder jaco at coocoo.za.net
Thu Jul 21 22:21:24 GMT 2005 

Chad,

Chad Leigh -- Shire.Net LLC typed on a keyboard not too far away, on 
7/21/2005 5:19 PM:
> 
> On Jul 21, 2005, at 9:02 AM, jaco at coocoo.za.net wrote:
> 
>> Hello All,
>>
>> My setup looks like this:
>> The FreeBSD machine have a public range IP address, and I set up a  
>> couple
>> of jails with private range IP addresses (192.168.x.x) on the same  box.
>>
>> The private range ip adresses are set up as aliases, using the  procedure
>> as described in the jail(8) man page.
>>
>> All works fine, except for the fact that from within the jails I do  not
>> have internet connectivity as the default route is the same as my jail
>> hosts default route. For this to work I would have to be able to  set my
>> default route in the jail environment to the IP address of my jail  host
>> and enable the jail host as a gateway.
>>
>> The problem is that you are not allowed to set the default route  
>> inside of
>> the  jail, and currently this default route is the default route of  the
>> jail host.
>>
>> I am sure other people must have had this problem before and found a
>> solution. :)
>>
>> Anybody know any workrounds? Or maybe a better way to set this up?
> 
> 
> Hi
> 
> I got it working though I don't remember exactly how.  I set my host  as 
> a gateway and maybe played around with some ipfw rules.  I did do  some 
> ipfw rules and set up natd but I don't remember exactly what it  was I 
> was doing with them (meaning why) as I had some other needs as  well...
> 
> The xxx out addresses are the public netblock we have.  I am not an  
> ipfw expert and came up with these through trial and error and  reading 
> web pages in the middle of the night
> 
> waymoot# more rc.firewall
> #!/bin/sh
> #
> /sbin/ipfw -f flush
> /sbin/ipfw add pass all from x.x.x.0/24 to me
> /sbin/ipfw add pass all from me to x.x.x.0/24 via bge0
> /sbin/ipfw add pass all from 192.168.2.0/24 to me
> /sbin/ipfw add pass all from 192.168.1.0/24 to me
> /sbin/ipfw add pass all from me to 192.168.2.0/24 via bge1
> /sbin/ipfw add pass all from me to 192.168.1.0/24 via bge0
> /sbin/ipfw add divert natd all from any to any via bge0
> /sbin/ipfw add pass all from any to any
> waymoot#

Thanks,

Your post actually made me think a bit for a change and I COMPLETELY 
forgot about the NAT. :P

After adding the following rule to my pf.conf, it started working:
nat on em0 from 192.168.53.1 to any -> 192.168.10.56

Thanks again!
---Jaco


-- 
Jaco van Tonder
Software Developer
Direct: +27 11 312 2122 :: Fax: +27 11 312 2122 :: Mobile: +27 83 417 5424
Email: jaco at coocoo.za.net :: Web: http://www.coocoo.za.net/
Real Software Engineers don't debug programs; they verify correctness.
This process doesn't necessarily involve execution of anything on a
computer, except perhaps a Correctness Verification Aid package.

More information about the freebsd-questions mailing list