internet access from jail, on host acting as nat gateway

From: Khairil Yusof (kaeru_at_pd.jaring.my)
Date: 05/26/04

    To: freebsd-hackers@freebsd.org
    Date: Wed, 26 May 2004 23:08:28 +0800
    
    
    

    Asking here, because I got no replies in questions@ :(

    I'm having a problem here, where I can't access the internet from inside
    my jails. The host and another computer on the lan (fxp0) have no
    problems connecting to the internet via natd. I don't have any problems
    for connections between the host and jail either.

    Is internet access from a jail possible for this kind of setup?

    I do have a divert all rule:
    divert 8668 ip from any to any via tun0
     
    and rc.conf is

    natd_interface="tun0"
    natd_flags="-dynamic yes -s -m"
    nfs_reserved_port_only="NO"

    
    


