
I am using FreeBSD 7.1 and on my server I have two different jails. One for database and second one for game server. What I need to know is if it is possible to assign game server's jail to public IP so I do not need to forward every port I need?

At the moment I'm using PF (Packet Filter) to do NAT for the jails and to forward ports to all kinds of services I'm running in the game server's jail. The problem is that it seems that PF is doing something nasty with the packets I redirect to the game jail: players can log in but they can't do anything else (the game server is separated into a few subservers, each handling a different map in the game). I've tried to run the game server on a virtualized FreeBSD on my computer and everything worked. The only difference between the OS on my home machine and the server is Packet Filter. So I want to test everything on the server without PF, but it is impossible as the game server runs in a jail and it won't work without NAT and port redirection. On #freebsd (freenode) some guys told me that it is actually possible to have my jail "share" the public IP with the host system without port forwarding.

The question is: is it? If yes, how?

Thanks for response!

Balon

1 Answer

Yes. Set jail_xxx_ip="1.2.3.4" in rc.conf

Note: This doesn't bypass pf, you must still allow it (assuming it's default to deny).

Reference: FreeBSD Handbook: Creating and Controlling Jails

Chris S
  • I've already assigned an IP address to my jail `10.10.250.2` + assigned it to `em0` interface. But when I turn off PF (that handles NAT and port forwarding), it does not work anymore. – Balon Aug 06 '10 at 17:06
  • Okay, but the question was how to do all this without need of forwarding ports. – Balon Aug 06 '10 at 17:09
  • What firewall rules do you have? You can't just turn the firewall off, it doesn't work that way; you can turn off the service that provides NAT, but then the firewall would be sending packets to service that isn't running. – Chris S Aug 06 '10 at 17:14
  • `nat on $if from $game_jail to any -> ($if)` and for example ssh port forward `rdr on $if proto { tcp, udp } from any to $pub/32 port 3332 -> $game_jail port 3332 # ssh` But anyway, I understand you. It is just not possible to do that without PF. That's sad. – Balon Aug 06 '10 at 17:16
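
The setup the answer describes, sketched as an added example (not part of the original thread): the jail is bound directly to the public address, and the question's `nat`/`rdr` lines are replaced by plain filter rules. The jail name `game`, the jail path, the hostname and the default-deny layout are assumptions; `1.2.3.4`, `em0` and port `3332` are taken from the posts above.

```conf
# --- /etc/rc.conf (jail name "game", path and hostname are assumed) ---
# 1.2.3.4 is the placeholder address from the answer. The alias line is
# only needed if that address is not already configured on em0.
ifconfig_em0_alias0="inet 1.2.3.4 netmask 255.255.255.255"
jail_enable="YES"
jail_list="game"
jail_game_rootdir="/usr/jails/game"      # assumed path
jail_game_hostname="game.example.org"    # assumed hostname
jail_game_ip="1.2.3.4"

# --- /etc/pf.conf ---
if = "em0"
game_jail = "1.2.3.4"
game_ports = "{ 3332 }"   # 3332 is from the question; add the other service ports

set skip on lo0           # do not filter loopback traffic

# Before (from the question): private jail address, NAT plus one rdr per port
# nat on $if from $game_jail to any -> ($if)
# rdr on $if proto { tcp, udp } from any to $pub/32 port 3332 -> $game_jail port 3332

# After: no nat/rdr for this jail. Packets keep their original addresses
# and pf only filters them, so the jail is still behind the host firewall.
block in on $if all       # default deny, as the answer assumes;
                          # keep the host's own pass rules (e.g. sshd) next to these
pass in  on $if proto { tcp, udp } from any to $game_jail port $game_ports keep state
pass out on $if from $game_jail to any keep state
```

With this layout, every service that should be reachable in the jail still needs its port listed in `game_ports`; anything not listed stays blocked by the default-deny rule.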