> > > I was under the impression that the two stacks were separate? > > > > They are. But I don't think your ISP knows anything about your private > > subnet, so they won't send IP packets with your private destination > > address to you. And most probably they won't accept IP packets with your > > private source address from you. So you have to translate these private > > addresses if you want your ISP (and others) to forward them. > > > > > Should I nat on the bridge or epair? > > > > On the bridge, I guess. > > > > Have 2 questions. > > If there were no ip addresses on the bridge and the epair0b in the vnet jail > would packets pass out the bridge member external interface?
It's a 802.1 bridge, it can pass frames to the external interface (according to its MAC address table). > How would I setup a public domain name to target the vnet jail? A public domain name should point to a public IP address. If your jail's IP address is a private one, and you do NAT, then use your public IP address (the one that is translated to the jail's private address). If you have a public address in the jail and you don't use address translation, then use the jail's public IP address in the DNS. András _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[email protected]"
