Re: natd in a jail

2012-11-24 Thread Morgan Reed
SOLVED: Thanks all for your assistance.

SUMMARY:
- Kernel rebuilt with option IPFIREWALL and friends turned on (not necessary if your ipfw modules work, you should just be able to load them; mine didn't for reasons I don't really have the time or inclination to track down)
- OpenVPN configuration

Re: natd in a jail

2012-11-24 Thread Morgan Reed
On Sat, Nov 24, 2012 at 5:44 PM, Morgan Reed wrote:
> Works like a charm, just one last thing I'd like to get squared away
> here though, currently OpenVPN is using a dynamically created tun
> device, I'd like to have a static /dev/tun0 exist prior to the
> /etc/rc.d/natd start launching (because

Re: natd in a jail

2012-11-24 Thread Morgan Reed
On Sat, Nov 24, 2012 at 9:16 PM, Morgan Reed wrote:
>> And with ipfw nat you won't be needing ipdivert. Again, no harm.
>
> Yeah, I didn't think it should be necessary but something was trying
> to load it from within the jails and throwing an error, probably the
> natd startup script, not sure w

Re: natd in a jail

2012-11-24 Thread Morgan Reed
On Sat, Nov 24, 2012 at 7:26 PM, Ian Smith wrote:
> Unless you needed to include FIREWALL_FORWARD, you really didn't need to
> build ipfw into the kernel, it's all loadable by module. No harm, but.

The ipfw_nat module was causing an instant panic at load and I was going to have to rebuild my ker

Re: natd in a jail

2012-11-24 Thread Ian Smith
On Sat, 24 Nov 2012 17:44:30 +1100, Morgan Reed wrote:
> On Fri, Nov 23, 2012 at 5:16 PM, Morgan Reed wrote:
> > So it turns out I'd not brought bpf into the jails, however even with
> > that and raw_sockets enabled I'm still having no joy with natd.
> >
> > I've been looking at ipfw a bit tod

Re: natd in a jail

2012-11-23 Thread Morgan Reed
On Fri, Nov 23, 2012 at 5:16 PM, Morgan Reed wrote:
> So it turns out I'd not brought bpf into the jails, however even with
> that and raw_sockets enabled I'm still having no joy with natd.
>
> I've been looking at ipfw a bit today but I've run into an issue,
> loading ipfw_nat causes my kernel to

Re: natd in a jail

2012-11-23 Thread Morgan Reed
On Fri, Nov 23, 2012 at 7:48 PM, Andreas Nilsson wrote:
> Why not just load the module?

Yeah, you got beaten to the punch on that one offlist, it's late in the day here ;)

Re: natd in a jail

2012-11-23 Thread Andreas Nilsson
On Fri, Nov 23, 2012 at 7:22 AM, Morgan Reed wrote:
> On Fri, Nov 23, 2012 at 5:16 PM, Morgan Reed
> wrote:
> > So it turns out I'd not brought bpf into the jails, however even with
> > that and raw_sockets enabled I'm still having no joy with natd.
> >
> > I've been looking at ipfw a bit today bu

Re: natd in a jail

2012-11-22 Thread Morgan Reed
On Fri, Nov 23, 2012 at 5:16 PM, Morgan Reed wrote:
> So it turns out I'd not brought bpf into the jails, however even with
> that and raw_sockets enabled I'm still having no joy with natd.
>
> I've been looking at ipfw a bit today but I've run into an issue,
> loading ipfw_nat causes my kernel to

Re: natd in a jail

2012-11-22 Thread Morgan Reed
On Thu, Nov 22, 2012 at 10:36 PM, Morgan Reed wrote:
> BPF is enabled for the jails, and the traffic is getting to where it
> needs to (but not via natd). I'll try enabling raw_sockets in the
> jails, it is entirely conceivable that natd requires that
> functionality.

So it turns out I'd not boug

Re: natd in a jail

2012-11-22 Thread Nikos Vassiliadis
On 11/22/2012 6:00 AM, Morgan Reed wrote:
Hi All,

Hi,

[snipped content]

Any suggestions here?

A quick one. Could you make a try using "ipfw nat" instead of natd? I am not sure about divert socket and natd per jail, but NATing using ipfw and libalias (which natd uses as well) works.

HTH, Niko

Re: natd in a jail

2012-11-22 Thread Morgan Reed
On Thu, Nov 22, 2012 at 10:32 PM, Teske, Devin wrote:
> I have created a boot script for managing vimages (downloadable as a FreeBSD
> package) and made a little write-up on how to use it...
> http://druidbsd.sf.net/vimage.shtml

As noted elsewhere, these are VIMAGE jails, but I'm managing them m

Fwd: natd in a jail

2012-11-22 Thread Morgan Reed
Hmm, list was missing from reply-to on this one.

-- Forwarded message --
From: Morgan Reed
Date: Thu, Nov 22, 2012 at 10:36 PM
Subject: Re: natd in a jail
To: Dewayne Geraghty

On Thu, Nov 22, 2012 at 9:33 PM, Dewayne Geraghty wrote:
> We run a lot of jails with kernel

Re: natd in a jail

2012-11-22 Thread Morgan Reed
On Thu, Nov 22, 2012 at 9:38 PM, Simon Dick wrote:
> I've not used it myself, but this sounds like something VIMAGE may be good
> for, basically it's a virtual tcp stack per jail, there's some docs at
> http://wiki.freebsd.org/Image but I seem to remember a more up to date one
> elsewhere but can't

Re: natd in a jail

2012-11-22 Thread Teske, Devin
On Nov 22, 2012, at 2:43 AM, wrote:
>> I've not used it myself, but this sounds like something VIMAGE may be good
>> for, basically it's a virtual tcp stack per jail, there's some docs at
>> http://wiki.freebsd.org/Image but I seem to remember a more up to date one
>> elsewhere but can't find it

Re: natd in a jail

2012-11-22 Thread nickolasbug
> I've not used it myself, but this sounds like something VIMAGE may be good
> for, basically it's a virtual tcp stack per jail, there's some docs at
> http://wiki.freebsd.org/Image but I seem to remember a more up to date one
> elsewhere but can't find it at the moment!

AFAIK, VIMAGE is still expe

Re: natd in a jail

2012-11-22 Thread Simon Dick
On 22 November 2012 04:00, Morgan Reed wrote:
> Hi All,
>
> I've a bit of an odd query which I hope somebody may be able to
> assist with.
>
> I'm looking to set up several OpenVPN tunnels on a single machine
> (each residing in its own jail) and route data to different
> destinations over d

natd in a jail

2012-11-21 Thread Morgan Reed
Hi All,

I've a bit of an odd query which I hope somebody may be able to assist with.

I'm looking to set up several OpenVPN tunnels on a single machine (each residing in its own jail) and route data to different destinations over different tunnels by selectively routing the traffic via a part