nat and jails on a single interface machine?

I just got ezjails working and all the jails I've given actual outgoing IPs work fine, but I want to have a couple that don't have an outgoing IP, and instead use internal IPs in the 192.168.0.0/24 range. How do I do this? I understand how to set up pf but it's not working... I'm sure I'm forgetting an important step but I don't know what it is.
 
Assuming that you have one network interface with an external IP and aliases set up on that interface with internal IPs, and you're using pf as a firewall, you should probably have something like this in your pf.conf:

ext_if="em0"
ext_addr="91.192.188.99"

nat on $ext_if from 192.168.0.0/24 to any -> $ext_addr

It should work. If it does not, you should consider posting more info on your actual setup and configs.
 
I don't know why it wasn't working, but I ended up just setting up a public IP and a private IP for each jail... Seems to work ok....
 
Hi,

I think I do exactly what you aim at doing; you can create a lo1 interface and bind your internal network to it. You will need NAT then.
 
I've got the same type of setup: I have a server with 5 IPs and I created 3 more internal IPs for various jails. Here are some things I have in my current config that might help.

/etc/pf.conf
Code:
ext_if="em1"
jail_if="lo1"
jail_ip="10.1.1.0/24"

## traffic normalization
set skip on { lo0, lo1 }
## nat rules
nat pass on $ext_if from $jail_ip to any -> main external ip

Here's what I have in my /etc/rc.conf
Code:
cloned_interfaces="lo1"
ifconfig_lo1="inet 10.1.1.254 netmask 255.255.255.0"
ifconfig_lo1_alias0="inet 10.1.1.1 netmask 255.255.255.0"
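
Added example, not part of any post in this thread: a POSIX sh check that every address set on the jail loopback in rc.conf falls inside the source network of the pf nat rule, since a jail address outside that network is not translated. The sample input is constructed from the configs above; the `alias1` line and the 203.0.113.10 translation address are assumptions for the demo, and only a single CIDR or macro as the nat source is handled.

```sh
#!/bin/sh
# Added example (not from the thread): report jail addresses on the cloned
# loopback that the pf nat rule's source network does not cover.

# Constructed sample input modelled on the configs posted in the thread.
# alias1 and the 203.0.113.10 translation address are made up for the demo.
RC_CONF='cloned_interfaces="lo1"
ifconfig_lo1="inet 10.1.1.254 netmask 255.255.255.0"
ifconfig_lo1_alias0="inet 10.1.1.1 netmask 255.255.255.0"
ifconfig_lo1_alias1="inet 192.168.0.5 netmask 255.255.255.0"'
PF_CONF='ext_if="em1"
jail_ip="10.1.1.0/24"
nat pass on $ext_if from $jail_ip to any -> 203.0.113.10'

ip_to_int() {            # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {              # in_cidr ADDR NET/BITS; a bare address means /32
    case $2 in */*) ;; *) set -- "$1" "$2/32" ;; esac
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

nat_source() {           # source of the first nat rule, expanding one macro
    src=$(printf '%s\n' "$1" |
          sed -n 's/^nat .* from \([^ ]*\) to .*/\1/p' | head -n 1)
    case $src in
        \$*) printf '%s\n' "$1" | sed -n "s/^${src#\$}=\"\(.*\)\"/\1/p" ;;
        *)   printf '%s\n' "$src" ;;
    esac
}

jail_addrs() {           # inet addresses set on interface $2 in rc.conf text
    printf '%s\n' "$1" |
        sed -n "s/^ifconfig_$2\(_alias[0-9]*\)\{0,1\}=\"inet \([0-9.]*\).*/\2/p"
}

uncovered_jail_addrs() { # args: rc.conf text, pf.conf text, jail interface
    cidr=$(nat_source "$2")
    [ -n "$cidr" ] || { jail_addrs "$1" "$3"; return; }
    for addr in $(jail_addrs "$1" "$3"); do
        in_cidr "$addr" "$cidr" || echo "$addr"
    done
}

uncovered_jail_addrs "$RC_CONF" "$PF_CONF" lo1
```

On a real host, pass `"$(cat /etc/rc.conf)"` and `"$(cat /etc/pf.conf)"` in place of the sample variables; empty output means every jail address is covered by the nat rule.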
 