Nathan, I've gone the same way that you have, ie bunch of jails that are individually providing services& kernel Nat. It takes careful planning and the knowledge that the default route will be the first IP in your jail.conf list for each jail.
Getting jails to play nice means fiddling around with all interfaces. If you can take ipfw out of the equation until you can see tcpdump traffic doing what you want; the challenge hasn't been ipfw in my experience. (& yes initially I've had three tcpdumps going at once too; along with old friends: raw ip & ping ) Enjoy the fun of getting it to work, it's well worth the effort. (And be thankful that you aren't using pf, another level of complexity but suits my needs perfectly) ;) Dewayne _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[email protected]"
