Setup of jail bound to lo0
Brian Reichert
reichert at numachi.com
Tue Mar 15 15:56:07 PST 2005
On Wed, Mar 16, 2005 at 12:27:57AM +0100, Sławek Żak wrote:
> Hi,
>
> I need to have some jails configured, sharing a single IP address (IPv6
> is a no-no for the time being:). Therefore I came up with an idea of
> binding them all to lo0 and assigning subsequent IP aliases as the
> addresses. The requirement for the jails is to let them receive
> (the easy part) and *send* packets to the outside.
>
> Which obviously doesn't work. I've tried to add an alias IP, but then it
> stops the natd `rule' matching.

Hmm. This was working for me under 4.9-RELEASE:

  # prep/launch
  (build kernel with
    options IPFIREWALL
    options IPDIVERT
  )

  # useful environment
  setenv JAIL_IF vr0
  setenv JAIL_IP 192.168.0.1
  setenv TESTJAIL /var/minjail

  ifconfig $JAIL_IF alias $JAIL_IP

  # spin up a private NAT
  sysctl net.inet.ip.forwarding=1
  sysctl jail.set_hostname_allowed=0
  ipfw add 50 divert natd all from any to any via $JAIL_IF
  /sbin/natd -n $JAIL_IF -log -unregistered_only

  # spin up the jail
  jail $TESTJAIL testhostname $JAIL_IP /bin/sh

> Net Gods, help me please, /S
--
Brian Reichert <reichert at numachi.com>
55 Crystal Ave. #286 Daytime number: (603) 434-6842
Derry NH 03038-1725 USA BSD admin/developer at large