Internal Policy Routing

From: Meno Abels (meno.abels_at_adviser.com)
Date: 10/30/03

    Date: Thu, 30 Oct 2003 07:19:39 +0100
    To: freebsd-questions@freebsd.org
    
    

    Hello,

    I am searching for a solution for a multi-jailed environment. I have a
    system with around 20 jailed environments that are made for ease of use.
    The idea is to add to this jailed system a jailed central firewall for
    all other jailed environments.
    To get this to run I need a special routing which is easily done on
    Linux with "policy routing", but I didn't find a similar function on BSD.
    My network layout looks like this; remember, this network is running in
    one box.

    internet-------firewalljail(69.10.3.3)----

                                 |---- internaljail-0(192.168.19.1)
                                 |---- internaljail-1(192.168.19.2)
                                 |---- internaljail-2(192.168.19.3)
                                 |---- internaljail-3(192.168.19.4)

    To enable this I need to add to the internaljails a default route
    to 69.10.3.3, and 69.10.3.3 needs a default route to the
    internet so that the firewalljail will transfer (filter) all packets
    which are sent/received from the internaljails. Is there any
    solution? I know that there are some additional problems with setting
    the ipf/bpf kernel infos from a jail, but this problem is solvable;
    the first solution is to not use a jail for the firewall, and to use
    the master.

    Thanks in advance

    Meno


