[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-jail
Subject: Re: FreeBSD 12.1, vnet jail, and internet access
From: JÁKÓ András <jako.andras () eik ! bme ! hu>
Date: 2020-06-29 8:41:50
Message-ID: 20200629084150.GC65151 () eik ! bme ! hu
[Download RAW message or body]
> > > I was under the impression that the two stacks were separate?
> >
> > They are. But I don't think your ISP knows anything about your private
> > subnet, so they won't send IP packets with your private destination
> > address to you. And most probably they won't accept IP packets with your
> > private source address from you. So you have to translate these private
> > addresses if you want your ISP (and others) to forward them.
> >
> > > Should I nat on the bridge or epair?
> >
> > On the bridge, I guess.
> >
>
> Have 2 questions.
>
> If there were no ip addresses on the bridge and the epair0b in the vnet jail
> would packets pass out the bridge member external interface?
It's a 802.1 bridge, it can pass frames to the external interface
(according to its MAC address table).
> How would I setup a public domain name to target the vnet jail?
A public domain name should point to a public IP address. If your jail's
IP address is a private one, and you do NAT, then use your public IP
address (the one that is translated to the jail's private address). If
you have a public address in the jail and you don't use address
translation, then use the jail's public IP address in the DNS.
András
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic