How to steer public traffic to a jail

Ernie Luzar luzar722 at gmail.com
Fri Aug 14 14:27:04 UTC 2020


Steve O'Hara-Smith wrote:
> On Fri, 14 Aug 2020 08:59:27 -0400
> Ernie Luzar <luzar722 at gmail.com> wrote:
> 
>> Steve O'Hara-Smith wrote:
>>> On Fri, 14 Aug 2020 08:08:09 -0400
>>> Ernie Luzar <luzar722 at gmail.com> wrote:
>>>
>>>> I have 4 registered domain names, one for each jail. How do I get
>>>> [ALL] public traffic to a domain name directed to the desired jail?
>>> 	Do you have four public IP addresses to go with them ? If not
>>> what sort of "public traffic" are you talking about just http/s or other
>>> protocols ?
>>>
>> [ALL] means everything.
> 
> 	OK.
> 
>> Host and each jail have their own website, email, ftp, ssh services plus
>> whatever the owner of the jail wants to install.
> 
> 	For that the jail needs its own public IP address.
> 
>> Tagging a port number on the end of the domain name is not an option.
> 
> 	No, because you need each one to have ports 21, 22, 25 ... open
> independently.
> 
>> Host that jails are on has just a single public IPv4 address.
> 
> 	In that case there's only one set of public ports. You *can* run
> some services on non-standard ports but email won't for one. You're SOL
> unless you can get more public IP addresses to use.
> 
>> My ISP has not enabled ipv6 yet.
> 
> 	If IPv6 addresses will do for public then you can always tunnel an
> IPv6 connection from Hurricane Electric - it's free and you get a /64 and
> if you want it a /48 to use. I think they're the only tunnel broker left
> that still provides tunnels on request.
> 


So what I hear you saying is there is only one set of official port
numbers. That any port can only be used one time. [I.e., if the host is
using port 22 then it cannot be used in a jail.] This method requires the
host firewall to forward the inbound port number to a jail's internal
private IP address after the FQDN directs the traffic to the host's
single IPv4 address. Which most likely is a home type of ISP account
having a dynamic IP address.

Another conclusion is that for jails to be the target of public traffic
containing their own set of the official port numbers, the host must
have multiple public IPv4 addresses assigned to it, with each unique FQDN
using one of the public IP addresses. That means a business type of ISP
account, which is expensive, with additional fees for each additional
static IP address needed.

Is my understanding correct?
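
The single-address forwarding arrangement described in this message, written out as a pf.conf sketch. This is an added example, not part of the original post; the interface name, the private jail addresses and the alternate ports 2222/2223 are assumptions.

```pf
# /etc/pf.conf sketch (constructed example; interface, addresses and
# alternate ports are assumptions, not values from the thread).
# Syntax check without loading: pfctl -nf /etc/pf.conf

ext_if   = "em0"            # assumed NIC holding the single public IPv4
jail_net = "10.0.0.0/24"    # assumed private range for the jails
jail_a   = "10.0.0.2"
jail_b   = "10.0.0.3"

# Outbound: all jails share the host's one public address.
# ($ext_if) is re-read when the address changes, so a dynamic
# ISP-assigned address does not require editing the rules.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: each public (protocol, port) pair can point at exactly one
# destination. The host keeps 22 for its own sshd, so each jail's sshd
# is reached through a different public port.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 2222 -> $jail_a port 22
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 2223 -> $jail_b port 22

# Port 25 cannot be moved to another number, because remote mail
# servers always deliver to 25. Only one jail can receive it.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 25 -> $jail_a port 25

# Filtering: default deny inbound on the public interface. Forward
# only the ports a jail actually serves; "rdr pass" above already
# admits those connections, so nothing else reaches the jails.
block in on $ext_if all
pass in on $ext_if inet proto tcp to ($ext_if) port 22 keep state
pass out all keep state
```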




More information about the freebsd-questions mailing list