pf and jails

Tyler Saylor tyler at
Thu Feb 6 15:02:55 UTC 2014


I'm running FreeBSD 10-RELEASE on i386. I have set up a few jails for
services such as httpd and postfix using ezjail. The host has one physical
ethernet interface and I have five routable IPv4 addresses; of the five,
four are assigned to a jail and one is assigned to the host. I have a jail
for mysql that is set up to use a clone of lo and the address "".
I'm also using pf to filter traffic to each service on the host.

My question is this: How do I make it so that the other jails that are
bound to routable addresses are able to interact with the jail on Is
there some magic pf voodoo I'm not understanding, or some mental deficiency
I'm just now being made aware of? I've included my pf.conf and included an

Thanks for any help,
//Tyler Saylor

For illustration:

Each pipe represents a real, routable IPv4 address assigned to the
respective jail. The star represents the private address of the jail I'd
like to be accessible from the others.

em0--|--|--|--|--|  lo1--*
     h  w  i  m  s       m
     o  w  r  a  v       y
     s  w  c  i  n       s
     t        l          q


More information about the freebsd-questions mailing list