jails, subnets and etc?

Littlefield, Tyler tyler at tysdomain.com
Mon Mar 24 15:03:51 UTC 2014


On 3/23/2014 1:58 PM, Jeff Tipton wrote:

    You have a heap of settings in your rc.conf. Is this machine already
    doing something? It would be better to comment most of this stuff
    out and start from scratch -- leaving only the absolutely necessary
    -- hostname (fully qualified), ifconfig_em0 line and the
    defaultrouter line. And then go step by step, so you understand
    what's going on.

    First, you don't need to enable "jail" if you are enabling "ezjail".
    And you will need to set up an alias for the em0 network interface,
    one per jail. Without that you won't have communication with your
    ezjail. If you set up a jail with address 192.168.0.2, you need this
    same address to attach to em0 as an alias.

    -Jeff

Hello:
It seems I have some good news to report, though not much. My jail has 
an IP address and I can connect to it from the host via telnet. 
Everything is running perfectly, but the jail is still unable to connect 
out:
root@sapphire:/etc # sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1
My next solution would be to create a pseudo interface (is this 
possible), which will allow me to keep the jail separate from the outside 
world, then give an interface to each jail. Is this possible? Then I 
could just forward outbound connections from the jail's interface to the 
public interface and forward individual connections through. Otherwise, 
there could be a lot of issues--if there is an alias on em0 for 
192.168.0.2, perhaps any outbound connections are getting sent out with 
that address (which the data center's routers may not like), etc.
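
Added example, not part of the original message or the thread: a sketch of the setup described above, with the jail address on a cloned loopback interface and pf on the host translating outbound traffic to the public address. em0 and 192.168.0.2 come from the thread; lo1, the pf macro names and port 80 are assumptions chosen for illustration.

```conf
# ---- /etc/rc.conf on the host (constructed example) ----
# Create a second loopback interface to hold jail addresses, so the
# private address is never bound to the public interface em0.
cloned_interfaces="lo1"
ifconfig_lo1="inet 192.168.0.2 netmask 255.255.255.255"
# Load the pf ruleset below at boot.
pf_enable="YES"
pf_rules="/etc/pf.conf"

# ---- /etc/pf.conf on the host (constructed example) ----
ext_if  = "em0"          # public interface, from the thread
jail_ip = "192.168.0.2"  # jail address, from the thread

# Outbound: rewrite the jail's private source address to whatever
# address em0 currently holds, so upstream routers never see
# 192.168.0.2 as a source.
nat on $ext_if inet from $jail_ip to any -> ($ext_if)

# Inbound: expose only the services the jail should offer.
# Port 80 is a placeholder; add one rdr line per forwarded service.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $jail_ip port 80
```

With this layout the jail is reachable from outside only through the explicit rdr lines, and `pfctl -s nat` on the host lists the translation rules that are actually loaded.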


