From: Paul Pathiakis
To: Odhiambo Washington, Dale Scott
Cc: Matthias Fechner, FreeBSD Questions, Steven Friedrich
Date: Wed, 17 May 2023 15:58:42 +0000 (UTC)
Subject: Re: State of virtualization on FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

If you set up pf correctly, you can redirect any traffic to any virtual IP.  However, you may need to redirect the ports to get to the correct machine.

I used to have about 10 jails set up for things like DNS, Apache, mail, etc. Incoming and outgoing went across the usual ports... however, after entering the GW, it would redirect to the correct machine onto, sometimes, a different port.

Paul

On Wednesday, May 17, 2023 at 07:40:17 AM PDT, Dale Scott <dalescott@shaw.ca> wrote:


I also just encountered iocage today. Going to compare.
Is it possible to make VMs/Jails externally/publicly accessible when you have only 1 public IP address?

I don't know about jails, but VMs may require configuring a virtual network, a DHCP server and a firewall with NAT rules if you only have one public IP address. This will be required with a bhyve VM, but it is built in with virtualbox-ose.

If you used an external NAT router, you could configure the guest vm to bridge the host Ethernet interface (the default for bhyve), which would allow both the host and guest vm to access the internet, but only one would be reachable from the internet (by configuring the "pass-thru" feature on the NAT router).
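
An added example, not part of the original thread: a minimal pf.conf sketch of the setup discussed above, with one public IP, outbound NAT for the jails, and inbound redirects to per-jail private addresses, one of them onto a different port. The interface name (em0), the 10.0.0.0/24 jail network and the individual jail addresses and ports are assumptions chosen for illustration.

```conf
# /etc/pf.conf (illustrative; all names and addresses below are assumptions)
ext_if    = "em0"            # interface holding the single public IP
jail_net  = "10.0.0.0/24"    # private addresses assigned to the jails
web_jail  = "10.0.0.10"
mail_jail = "10.0.0.25"
dns_jail  = "10.0.0.53"

set skip on lo0
scrub in all

# Outbound: jails share the host's public address.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: send each service to its jail. Web and DNS keep their ports;
# mail arrives on 25 and is delivered to 2525 inside the jail.
rdr on $ext_if inet proto tcp from any to ($ext_if) port { 80, 443 } -> $web_jail
rdr on $ext_if inet proto tcp from any to ($ext_if) port 25 -> $mail_jail port 2525
rdr on $ext_if inet proto { tcp, udp } from any to ($ext_if) port 53 -> $dns_jail

# Filtering runs after translation, so rules match the jail address
# and the translated port. Everything not listed stays closed.
block in log on $ext_if all
pass out on $ext_if all keep state

pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state
pass in on $ext_if inet proto tcp from any to $web_jail port { 80, 443 } keep state
pass in on $ext_if inet proto tcp from any to $mail_jail port 2525 keep state
pass in on $ext_if inet proto { tcp, udp } from any to $dns_jail port 53 keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the active translation rules once it is loaded.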
