ipfw nat and jails on loopback - is it possible?

Michael mlmichael70 at gmail.com
Fri Jul 9 20:58:15 UTC 2010


Does anybody have a working configuration with ipfw NATed jails on a 
loopback interface?
It simply doesn't work on my system. I cannot get any connections to the 
outside world from within a jail.

FreeBSD 8.0-p3 amd64 laptop connected to internet via wlan0 (ath0) with address.
Jail with IP aliased on lo0.

Host system configuration:
    ifconfig_wlan0="WPA DHCP"
    ifconfig_lo0_alias0="inet netmask"
    ipfw -q -f flush
    ipfw add 00001 allow all from to via lo0
    ipfw add 00002 nat 100 ip from to any via wlan0 keep-state
    ipfw nat 100 config ip
    ipfw add 00003 allow all from any to any

Jailed system configuration:

Now I'm doing ssh into a jailed system ( Then on the jail 
system I'm trying to do, for example:

host freebsd.org
;; connection timed out; no servers could be reached

And on host system:
ipfw -d show
00001   0     0 allow ip from to via lo0
00002   4   228 nat 100 ip from to any via wlan0 keep-state
00003 182 24627 allow ip from any to any
65535   0     0 deny ip from any to any
## Dynamic rules (2):
00002   1    57 (1s) STATE udp 58340 <-> 53
00002   1    57 (2s) STATE udp 39870 <-> 53

So no packets got blocked, but still it doesn't work properly. I've been trying 
to get it working for a couple of weeks now and I'm afraid I have just run out of 
ideas, so any help would be very much appreciated.
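As an added example (not part of the original post or of ipfw itself), a small Python helper that parses the `ipfw -d show` output quoted above, reports which static rules have counted packets, and flags dynamic states whose counter is still 1, meaning the packet that created the state left but no reply has matched it since. The addresses in SAMPLE are constructed placeholders, since the post's addresses did not survive.

```python
# Added example (not from the post): parse "ipfw -d show" and flag states
# that never saw a reply. Addresses in SAMPLE are constructed placeholders.
import re

STATIC_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.+)$")
DYNAMIC_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+\((\d+)s\)\s+STATE\s+(\w+)\s+"
                        r"(\S+)\s+(\d+)\s+<->\s+(\S+)\s+(\d+)")

# Constructed sample modelled on the counters shown in the post.
SAMPLE = """\
00001   0     0 allow ip from 10.10.10.2 to 10.10.10.2 via lo0
00002   4   228 nat 100 ip from 10.10.10.2 to any via wlan0 keep-state
00003 182 24627 allow ip from any to any
65535   0     0 deny ip from any to any
## Dynamic rules (2):
00002   1    57 (1s) STATE udp 10.10.10.2 58340 <-> 192.0.2.53 53
00002   1    57 (2s) STATE udp 10.10.10.2 39870 <-> 192.0.2.53 53
"""

def parse_ipfw_show(text):
    """Return (static_rules, dynamic_states) from 'ipfw -d show' output."""
    rules, states, dynamic = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("## Dynamic rules"):
            dynamic = True          # everything below is state-table output
            continue
        m = (DYNAMIC_RE if dynamic else STATIC_RE).match(line)
        if not m:
            continue                # blank line or unrecognised row
        if dynamic:
            states.append({"rule": int(m[1]), "pkts": int(m[2]), "age": int(m[4]),
                           "proto": m[5], "src": (m[6], int(m[7])),
                           "dst": (m[8], int(m[9]))})
        else:
            rules.append({"rule": int(m[1]), "pkts": int(m[2]),
                          "bytes": int(m[3]), "body": m[4]})
    return rules, states

def one_way_states(states):
    """States whose counter is still 1: the packet that created the entry
    went out, but no reply has matched the state since."""
    return [s for s in states if s["pkts"] == 1]

def rules_with_traffic(rules):
    """Numbers of static rules whose packet counter is non-zero."""
    return [r["rule"] for r in rules if r["pkts"] > 0]
```

Feeding it live output (`ipfw -d show | python3 -c '...'`) gives the same two views: which rules are matching at all, and which conversations are only ever seen in one direction.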


