jails again: outbound connections.
Ondra Knezour
knezour at weboutsourcing.cz
Wed Mar 26 00:33:16 UTC 2014
On 26.3.2014 0:16, Littlefield, Tyler wrote:
> I'm having a lot of issues with jails. Here is what I set up:
> an alias on em0 with IP 192.168.0.2, netmask 244.244.244.0, bcast
> 192.168.0.255.
This is not going to work if you don't have some very weird network
configuration. You probably want 255.255.255.0 netmask.
> I enabled IP forwarding through sysctl.
> The jail was created on the 192.168.0.2 address, and I am able to connect
> from the host to the jail. E.g.: I can telnet to a listening service on
> the jail from the host. I am, however, unable to connect out. I have a
To connect out where? Some more info about your network will give us
some insight into what is wrong. At least configuration of all interfaces and
default route. Show us output of ifconfig and netstat -r from both the
host and the jail.
> few questions:
> 1) I enabled raw sockets in security.jail, but am still unable to
> traceroute out. I was trying this to see if perhaps my connections were
> getting out and perhaps OVH/Soyoustart was not letting the packet
> through. I am unsure if the alias will translate packets from
> 192.168.0.2, but it seems uncertain that it would.
No, it wouldn't.
> 2) Given this, do I need to set something else up through DNAT? Do I
> have to do something special for processing of outbound packets?
> 3) If not, any other advice on troubleshooting would be awesome.
You will need to set up outgoing NAT on the host on the interface which
is connected to the network you are trying to reach or to the internet
if you want general connectivity with the world.
http://www.freebsd.org/cgi/man.cgi?query=natd&sektion=8
http://www.fi.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html
https://www.freebsd.org/doc/handbook/firewalls-pf.html#pftut-gateway
--
Ondra Knezour
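
The outgoing NAT described in the reply above, sketched as a pf configuration. This is an added example, not part of the original message; it assumes em0 is also the host's internet-facing interface and that its primary (non-alias) address is the routable one, neither of which the thread confirms.

```conf
# /etc/pf.conf -- added example, not from the original thread.
# Assumption: em0 carries both the host's public address (primary)
# and the jail's private alias 192.168.0.2.

ext_if  = "em0"
jail_ip = "192.168.0.2"

# Loopback traffic needs neither translation nor filtering.
set skip on lo0

# Rewrite the jail's private source address to the host's address on
# the way out. The ":0" modifier excludes interface aliases, so the
# translation target is the primary address of em0 and never the
# 192.168.0.2 alias itself. The parentheses make pf follow the
# interface if its address changes.
# Only the single jail address is translated, not all of
# 192.168.0.0/24, so other private sources are not silently given
# outbound connectivity.
nat on $ext_if inet from $jail_ip to any -> ($ext_if:0)

# No filter rules are given here, so pf's implicit default (pass)
# applies. A default-deny policy is a separate step and has to
# permit the host's own management access before it is loaded on a
# remote machine.

# /etc/rc.conf entries that load this ruleset at boot:
#   pf_enable="YES"
#   pf_rules="/etc/pf.conf"
#
# Checks from the host shell:
#   pfctl -nf /etc/pf.conf   # parse only, do not load
#   pfctl -f /etc/pf.conf    # load the ruleset
#   pfctl -s nat             # show the active translation rules
#   pfctl -s states          # jail connections appear with the
#                            # translated source address
```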