Hi,
I'm playing around with jails.
The first thing I did was to set up some jails attached to aliases on a real network interface (not loopback). Everything was working fine; I could connect from a jail on one machine to a service running within a jail on another machine. I can manage the configuration steps needed to achieve that.
What I disliked about it was that I had to mount /dev/mem and /dev/kmem within jails to enable routing. And I guess that could be one of the reasons why people use NAT for jails.
So now I'm trying to set up some jails with NAT. Therefore I use aliases on the loopback interface. I'm able to connect from one jail to a service running in another jail on the same machine. That works even without NAT, just by using the assigned (loopback) aliases.
Now I was setting up natd+ipfw. Let's try first with the outgoing traffic. From what I have read about jails and NAT, I understand that the main issue is to translate the network address through natd, which is called by ipfw. I was playing around and I ran tcpdump on both the rl0 and the lo0 interfaces. All outgoing traffic occurs only in the lo0 tcpdump, and I am asking myself what I need to do to make it visible on the rl0 interface.
Should I not use lo0 for jails at all, but rl0 instead with some "loopback alike IP" aliases?
Thanks in advance!