Changes in Jails from FreeBSD 6 to FreeBSD 9 -- particularly,
networking and routing
Mark Felder
feld at feld.me
Fri Apr 13 22:58:53 UTC 2012
On Fri, 13 Apr 2012 15:53:49 -0500, Chad Leigh Shire.Net LLC
<chad at shire.net> wrote:

> No NAT needed since they share the network stack under Jails v1 they
> share the routing tables. It works. Try it.

You're clearly exploiting a bug in FreeBSD 6's jails. It must get confused
and send your public IP on those packets. I have no idea how it processes
the return traffic successfully, but "that's a neat trick!". There is no
possible way for this to work without NAT or whatever bug this is. If a
Jail has a 192.168 IP all packets would leave with a source of 192.168.
When Google or whoever on the internet gets your packets it would see
192.168 and probably drop it because that's not a publicly routable
network.

Without NAT it's impossible for any device anywhere on the planet to
access the internet with an RFC 1918 IP address.

I urge you to share your experience on the freebsd-jail@ mailing list.
Those guys might be able to lend some further insight. I bet the change
came with the update to jails that allows multiple IPs.