On Wed, 16 Mar 2005, Sławek Żak wrote:
Hi,
I need to have some jails configured, sharing a single IP address (IPv6
is a no-no for the time being:). Therefore I came up with an idea of
binding them all to lo0 and assigning subsequent IP aliases as the
addresses. The requirement for the jails is to let them receive
(the easy part) and *send* packets to the outside.
The jails cannot directly access the Internet as they cannot bind to
the external IP address of course. Some translation needs to be made,
I think. After wrestling with ipfw/ipf/pf for a couple of hours I
don't have a working solution.
pf:
# Tables: similar to macros, but more flexible for many addresses.
table <webservers> { 1.2.3.4, 5.6.7.8, 9.9.9.9 }
# Translation: specify how addresses are to be mapped or redirected.
nat on $ext_if from $loopback_addr to any -> ($ext_if)
# rdr: packets coming in on $ext_if with destination <webservers>:80
rdr on $ext_if proto tcp from any to <webservers> port 80 -> $loopback_addr port 80
--
Sten Spans
"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
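
A fuller pf.conf built around the rules in the reply above, as an added example that is not part of the original message. The macros the posted rules leave undefined get placeholder values here (the interface name and the 10.0.0.x lo0 aliases are assumptions), and filter rules are added to show that pf filters packets after translation has been applied.

```conf
# Constructed example: interface name and all addresses are placeholders.
ext_if    = "em0"        # external interface (assumed name)
jail_web  = "10.0.0.1"   # lo0 alias the web jail is bound to (assumed)
jail_mail = "10.0.0.2"   # lo0 alias of a second jail (assumed)

# Every jail address that is allowed to reach the outside.
table <jails> const { $jail_web, $jail_mail }

# --- Translation -----------------------------------------------------
# Outbound: rewrite the jails' source address to the address currently
# held by $ext_if. The parentheses make pf follow address changes.
nat on $ext_if inet from <jails> to any -> ($ext_if)

# Inbound: hand TCP port 80 arriving on the external address to the
# web jail only.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    -> $jail_web port 80

# --- Filtering -------------------------------------------------------
# Default deny; everything below is an explicit exception.
block log all

# Traffic that never leaves the loopback interface is not filtered.
pass quick on lo0 all

# Jail addresses must never show up as a source on the wire side.
block in quick on $ext_if inet from <jails> to any

# Filter rules see packets after nat/rdr, so the outbound rule matches
# the translated source (the external address), not the jail address.
pass out on $ext_if inet from ($ext_if) to any keep state

# For the same reason the inbound rule matches the rewritten
# destination, the web jail, rather than the external address.
pass in on $ext_if inet proto tcp from any to $jail_web port 80 \
    flags S/SA keep state
```

Running pfctl -nf on the file parses the ruleset without loading it, which catches syntax errors before the rules go live.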
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net