One more Jail/Network question..

Ok.. Now that I've got a working jail I've got one last question (hopefully).

If my router is currently forwarding (via NAT) incoming requests from the Internet on port 25 to my main server -- the FreeBSD host at 10.0.1.198, will my jailed up mail server running Sendmail see it if the IP of that jail is 10.0.1.201 or do I need to do one of the following:

  1. Change the Cisco router to point to the IP of the Jailed Sendmail installation (e.g. 10.0.1.201 as indicated above)
  2. Use PF (or similar) and put a forward rule in place to forward incoming requests for 10.0.1.198:25 --> 10.0.1.201:25

My hunch tells me #2 above is the correct answer..

By the way -- if I ping a jailed environment (e.g. 10.0.1.201) from a different machine, will that jailed environment actually respond? That wasn't really clear to me after reading about the IP aliasing..
 
osx-addict said:
  1. Change the Cisco router to point to the IP of the Jailed Sendmail installation (e.g. 10.0.1.201 as indicated above)
  2. Use PF (or similar) and put a forward rule in place to forward incoming requests for 10.0.1.198:25 --> 10.0.1.201:25

IMO, #1 is a cleaner approach. Remember to poke a hole in your host's firewall (pf) to allow traffic to 10.0.1.201, tcp port 25.
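
The two options from this thread as a pf.conf fragment (an added example, not part of the original posts). The interface name em0 is an assumption, and the fragment presumes 10.0.1.201 is already configured as an alias on that interface and that the rest of the ruleset blocks inbound traffic by default.

```conf
# /etc/pf.conf fragment -- added example, not from the thread.
# Macros (em0 is an assumed interface name; the addresses are the thread's).
ext_if  = "em0"          # host NIC holding 10.0.1.198 and the jail alias
host_ip = "10.0.1.198"   # FreeBSD host
jail_ip = "10.0.1.201"   # jailed Sendmail

# --- Translation rules (pf requires these before any filter rules) ---
# Option 2 only: the router keeps forwarding port 25 to the host address,
# and pf rewrites the destination to the jail. Leave this commented out
# when the router is pointed straight at the jail (option 1).
# rdr on $ext_if inet proto tcp from any to $host_ip port 25 -> $jail_ip port 25

# --- Filter rules ---
# Needed for BOTH options. pf applies rdr before filtering, so with
# option 2 the filter already sees the rewritten destination ($jail_ip),
# the same address the packet carries under option 1.
pass in on $ext_if inet proto tcp from any to $jail_ip port 25 flags S/SA keep state

# With option 1 in place, an older rule that opened port 25 on the host
# address is no longer needed and can be removed so the host itself does
# not accept SMTP:
# pass in on $ext_if inet proto tcp from any to $host_ip port 25 ...
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.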
 
anomie said:
IMO, #1 is a cleaner approach. Remember to poke a hole in your host's firewall (pf) to allow traffic to 10.0.1.201, tcp port 25.

Ok.. Thanks! I've currently got a hole in the firewall to forward port 25 connections to the server in general (10.0.1.198 in this case). I'll adjust that to read the other IP instead and we should be good to go.. Thanks mucho!
 