Jail with public IP alias

Alejandro Imass aimass at yabarana.com
Fri Aug 30 03:23:00 UTC 2013


On Thu, Aug 29, 2013 at 7:53 PM, Alejandro Imass <aimass at yabarana.com> wrote:
> On Thu, Aug 29, 2013 at 5:07 PM, Patrick <gibblertron at gmail.com> wrote:
>> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass <aimass at yabarana.com> wrote:
>>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt <frank2 at fjl.co.uk> wrote:
>>>> On 29/08/2013 09:52, Frank Leonhardt wrote:
>>>>>
>>>
>
> [...]
>
>> Aliases should have a netmask of 255.255.255.255. What you are seeing is
>> not typical behaviour on FreeBSD.

[...]

> One of you asked about NAT. We are using natd to nat some public ports
> to other ports on the private IPs that are aliases of lo0. This is for
> the jails that don't have public IPs we just forward some ports to the
> jail's ports like this:
>
> For example:
>
> redirect_port tcp 192.168.101.123:22 12322
> redirect_port tcp 192.168.101.123:80 12380
>
> Could this have an effect on OUTBOUND connections?? Seems unlikely to
> me but I think one of you asked about NAT I suspect for a good reason.
>
> I'll turn off the natting temporarily and test.
>

I can confirm that the culprit was natd. Now the question becomes why
does natd affect the source IP for an outbound connection??

Is there a way to fix it and keep natd?

Seems that Patrick's NAT hunch in his first reply was right on the money.

Thanks,

-- 
Alejandro Imass

