My host machine acts as a gateway and has a simple firewall setup with ipfw and natd. There are no problems with other computers on the local network or the host machine in accessing the internet with this setup.
However, I'm having problems getting jails on the host pc to access the internet. Jails can access the host pc and vice versa, but not external ip addresses from within a jail. My host pc has ip 192.168.1.1 and aliased 10.1.1.1 as well as 10.1.1.2 (jail ip).

What am I missing to allow jails to access the internet via ipfw/nat? Any help would be much appreciated.

More settings below:

natd flags are:

-dynamic yes -s -p -n tun0

my ipfw setup:

#firewall command
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0

# Allow all connections that have dynamic rules built for them,
# but deny established connections that don't have a dynamic rule.
# See ipfw(8) for details.
$fwcmd add check-state
$fwcmd add deny tcp from any to any established

#Allow all localhost connections
$fwcmd add allow tcp from me to any out via lo0 setup keep-state
$fwcmd add deny tcp from me to any out via lo0
$fwcmd add allow ip from me to any out via lo0 keep-state

# Allow all connections from my network card that I initiate
$fwcmd add allow tcp from me to any out xmit any setup keep-state
$fwcmd add deny tcp from me to any
$fwcmd add allow ip from me to any out xmit any keep-state

# Allow all local connections
$fwcmd add allow tcp from any to any via fxp0 setup keep-state
$fwcmd add allow ip from any to any via fxp0 keep-state

#Allow IP fragments through
$fwcmd add pass all from any to any frag

# Allow ICMP (for ping and traceroute to work).
$fwcmd add allow icmp from any to any

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to me 113 in recv any

# Deny all the rest.
$fwcmd add deny log ip from any to any