Hi

On 20 Jun 2012, at 19:51, Sami Halabi wrote:

> Thank you.
>
> I want to use vnet jail for a specific subnet that I need to separate from
> the system.

If you want total separation from the main system you need vnet jail to be able to have a separate routing table and default gateway.

> so basically i create a vlan + a bridged interface to the public.

You don't need to create a bridge, just create a vlan interface and move it to the jail.

> these two (vlan+bridged interface- epair0a) will be in the vnet jail, so I
> can do NAT only for that vlan going out.
> This is the idea, as there are more interfaces in the system and there is
> only one interface out…

I do this to be able to use the same hardware for inside server and DMZ server. Have been working for two months without any problem.

>
> so basically it should be a firewall & Nat only between the specific lan and
> the outside world.
>
> Can this be accomplished another way?
>
> Sami
>
> On Wed, Jun 20, 2012 at 5:43 PM, Alexander V. Chernikov <
> melif...@freebsd.org> wrote:
>
>> On 19.06.2012 12:56, Sami Halabi wrote:
>>
>>> Hi,
>>>
>>> I want to ask about VNET jails, i read somewhere that I'm able to run IPFW,
>>> but not PF firewall in a vnet jail.
>>> is that correct?
>>>
>>> i want a vnet jail basically for nat, so natd with ipfw + ipdivert is my
>>>
>> 1) You can do nat without vnet.
>> 2) ipfw nat is currently the easiest way to do nat.
>>
>>
>>> choice? or i can use pf somehow, I never used pf before,
>>> so i would like some advice here...
>>>
>>> Thanks in advance,
>>>
>>
>> --
>> WBR, Alexander
>>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
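
The reply's suggestion (create a vlan interface and move it into the vnet jail, which then has its own routing table and default gateway) could look like this in /etc/jail.conf. This is an added example, not part of the original thread; it assumes a VIMAGE-enabled kernel and a FreeBSD release that supports jail.conf, and the jail name, path, parent NIC em0, VLAN tag 100 and the 192.0.2.0/24 addresses are all constructed.

```conf
# /etc/jail.conf -- constructed example; every name and address is an assumption
dmz {
    host.hostname = "dmz.example.org";
    path = "/jails/dmz";
    persist;

    # Give the jail its own network stack (interfaces, routing table, firewall state).
    vnet;

    # Create the VLAN on the host before the jail exists ...
    exec.prestart = "ifconfig vlan100 create vlan 100 vlandev em0";

    # ... and hand it to the jail. No bridge or epair is involved: the host
    # keeps em0, the jail owns vlan100 and nothing else.
    vnet.interface = "vlan100";

    # Runs inside the jail: address the interface and set the jail's own
    # default gateway, independent of the host's routing table.
    exec.start  = "ifconfig lo0 inet 127.0.0.1/8 up";
    exec.start += "ifconfig vlan100 inet 192.0.2.10/24 up";
    exec.start += "route add default 192.0.2.1";
    exec.start += "/bin/sh /etc/rc";

    exec.stop = "/bin/sh /etc/rc.shutdown";

    # The interface returns to the host when the jail is removed; clean it up.
    exec.poststop = "ifconfig vlan100 destroy";
}
```

After `jail -c dmz`, `jexec dmz netstat -rn` shows the jail's own routing table, and vlan100 no longer appears in the host's `ifconfig` output.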