Kernel NAT issues
Dewayne Geraghty
dewaynegeraghty at gmail.com
Sat Nov 28 17:55:01 UTC 2015
Nathan, I've gone the same way that you have, ie bunch of jails that are
individually providing services& kernel Nat. It takes careful planning and
the knowledge that the default route will be the first IP in your jail.conf
list for each jail.
Getting jails to play nice means fiddling around with all interfaces. If
you can take ipfw out of the equation until you can see tcpdump traffic
doing what you want; the challenge hasn't been ipfw in my experience. (&
yes initially I've had three tcpdumps going at once too; along with old
friends: raw ip & ping )
Enjoy the fun of getting it to work, it's well worth the effort. (And be
thankful that you aren't using pf, another level of complexity but suits my
needs perfectly) ;)
Dewayne
More information about the freebsd-ipfw
mailing list