Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly, networking and routing

Chad Leigh Shire.Net LLC chad at
Fri Apr 13 20:53:51 UTC 2012

On Apr 13, 2012, at 1:50 PM, Mark Felder wrote:

> Do I understand this right?
> Working in FreeBSD 6.x:
> interface em0:  <-- public IP, host only
>   <-- private IP, host only
>   <-- Jail #1
>   <-- Jail #2
> With this configuration you had no problems accessing the internet from the jails.


(not that it did not matter I don't think is the private IP, host only exists and ALL IP exist on the host in addition to whatever Jail they are assigned to)

> Is this correct? This seems bizarre; this should only be possible if you're doing NAT somewhere in there and that is not possible with Jails v1 (which share a network stack) and is only possible in Jails v2 (vnet).

No NAT needed since they share the network stack under Jails v1 they share the routing tables.  It works.  Try it.

The question is, is it possible to do something similar with FreeBSD 9 jails (v2 I guess) without the overhead of running NAT?   The jail with the private IP *can* access the HOST's public services but not anyone else's


More information about the freebsd-questions mailing list