simple NAT for jails
Alejandro Imass
ait at p2ee.org
Thu Dec 9 20:18:37 UTC 2010
On Thu, Dec 9, 2010 at 12:23 PM, Eitan Adler <lists at eitanadler.com> wrote:
> Hi,
> I want to throw together some jails for friends to play with. I'm not
> terribly concerned about security on this machine. My goal is to do
> something like
> ezjail create james 10.0.0.1
> ezjail create jared 10.0.0.2
> ezjail create joe 10.0.0.3
> ezjail create idaho 10.0.0.4
>
> I have a single IP address for my computer - so I would need some kind
> of nat to allow these jails to access the outside world - and allow
> the outside world to access them.
>
> I've looked into pf and I guess I would need something like
>
> nat on nfe0 from 10.0.0.1 to any -> $external_ip
>
> is this correct?
> Do I need anything in in /etc/pf.conf ?
>
you can use natd as well in rc.conf
natd_enable="YES"
natd_interface="rl1"
natd_flags="-dynamic"
then as root in the base system
kldload ipdivert
natd -n rl1
or whatever your interface is
> --
> Eitan Adler
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list