On Jul 21, 2005, at 9:02 AM, [EMAIL PROTECTED] wrote:

Hello All,

My setup looks like this:
The FreeBSD machine has a public range IP address, and I set up a couple of jails with private range IP addresses (192.168.x.x) on the same box.

The private range IP addresses are set up as aliases, using the procedure
as described in the jail(8) man page.

All works fine, except for the fact that from within the jails I do not
have internet connectivity as the default route is the same as my jail
host's default route. For this to work I would have to be able to set my
default route in the jail environment to the IP address of my jail host
and enable the jail host as a gateway.

The problem is that you are not allowed to set the default route inside of the jail, and currently this default route is the default route of the
jail host.

I am sure other people must have had this problem before and found a
solution. :)

Anybody know any workrounds? Or maybe a better way to set this up?

Hi

I got it working though I don't remember exactly how. I set my host as a gateway and maybe played around with some ipfw rules. I did do some ipfw rules and set up natd but I don't remember exactly what it was I was doing with them (meaning why) as I had some other needs as well...

The xxx out addresses are the public netblock we have. I am not an ipfw expert and came up with these through trial and error and reading web pages in the middle of the night.

waymoot# more rc.firewall
#!/bin/sh
#
/sbin/ipfw -f flush
/sbin/ipfw add pass all from x.x.x.0/24 to me
/sbin/ipfw add pass all from me to x.x.x.0/24 via bge0
/sbin/ipfw add pass all from 192.168.2.0/24 to me
/sbin/ipfw add pass all from 192.168.1.0/24 to me
/sbin/ipfw add pass all from me to 192.168.2.0/24 via bge1
/sbin/ipfw add pass all from me to 192.168.1.0/24 via bge0
/sbin/ipfw add divert natd all from any to any via bge0
/sbin/ipfw add pass all from any to any
waymoot#

best
Chad



Thank you in advance!
---Jaco
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions- [EMAIL PROTECTED]"


---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
[EMAIL PROTECTED]
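
A scoped variant of the ruleset above, as an added example that is not part of the original thread or either poster's configuration: it sends only jail-sourced packets leaving the external interface (plus inbound replies) to natd instead of everything crossing bge0. It assumes natd is already running on the external interface (for example via natd_interface in rc.conf); the function names, rule numbers and the dry-run fwcmd default are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: every rule is
# printed instead of applied. Set fwcmd=/sbin/ipfw to load the rules.
fwcmd="${fwcmd:-echo /sbin/ipfw}"

# Loose prefix check: the jail network must be RFC 1918 space in CIDR form.
is_private_net() {
    case "$1" in
        10.*/*|192.168.*/*|172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*)
            return 0 ;;
    esac
    return 1
}

# jail_nat_rules EXT_IF JAIL_NET [JAIL_NET...]
jail_nat_rules() {
    [ "$#" -ge 2 ] || { echo "usage: jail_nat_rules EXT_IF JAIL_NET..." >&2; return 1; }
    ext_if="$1"; shift
    case "$ext_if" in
        ''|*[!a-z0-9_]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    for net in "$@"; do
        is_private_net "$net" || { echo "not a private net: $net" >&2; return 1; }
    done

    $fwcmd -q -f flush
    # Host <-> jail traffic on the alias addresses stays on loopback.
    $fwcmd add 100 pass all from any to any via lo0
    n=200
    for net in "$@"; do
        # Only jail-sourced packets leaving the external interface are rewritten.
        $fwcmd add "$n" divert natd ip from "$net" to any out via "$ext_if"
        n=$((n + 10))
    done
    # Replies arriving on the external interface go back through natd.
    $fwcmd add 500 divert natd ip from any to any in via "$ext_if"
    # Same catch-all as the posted ruleset: this does NAT only, no filtering.
    # Restrictive rules for the host and jails would go before this line.
    $fwcmd add 65000 pass all from any to any
}
```

Running `jail_nat_rules bge0 192.168.1.0/24 192.168.2.0/24` prints the commands for review before anything is loaded.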

