[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-jail
Subject:    Re: FreeBSD 12.1, vnet jail, and internet access
From:       JÁKÓ András <jako.andras () eik ! bme ! hu>
Date:       2020-06-29 8:41:50
Message-ID: 20200629084150.GC65151 () eik ! bme ! hu
[Download RAW message or body]

> > > I was under the impression that the two stacks were separate?
> > 
> > They are. But I don't think your ISP knows anything about your private
> > subnet, so they won't send IP packets with your private destination
> > address to you. And most probably they won't accept IP packets with your
> > private source address from you. So you have to translate these private
> > addresses if you want your ISP (and others) to forward them.
> > 
> > > Should I nat on the bridge or epair?
> > 
> > On the bridge, I guess.
> > 
> 
> Have 2 questions.
> 
> If there were no ip addresses on the bridge and the epair0b in the vnet jail
> would packets pass out the bridge member external interface?

It's a 802.1 bridge, it can pass frames to the external interface
(according to its MAC address table).

> How would I setup a public domain name to target the vnet jail?

A public domain name should point to a public IP address. If your jail's
IP address is a private one, and you do NAT, then use your public IP
address (the one that is translated to the jail's private address). If
you have a public address in the jail and you don't use address
translation, then use the jail's public IP address in the DNS.

András
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

[prev in list] [next in list] [prev in thread] [next in thread]