Re: Make a jail visible in different networks
Chuck Swiger escribió: On May 14, 2007, at 12:09 PM, Juan Sosa wrote: There are a number of approaches: the simplest involve either adding static routes between your 10.5.1/24 subnet and your 192.168.1/24 subnet, or setting up additional VPN endpoint on the 192.168.1/24 network, or using NAT to map the jail IP onto the 10.5.1/24 netblock. Without knowing your topology, it's hard to make more specific recommendations. So sorry for my duplicated message. No harm done. It's just that sometimes people get a little enthusiastic about trying to get quick responses. :-) In my network, 192.168.1.1 xl0 is linked to other remote server through tun0 with (routed)openvpn. As I said before, I'm also running mpd4 listening on ng0, and a jail with samba services on 192.168.1.10 xl0 alias. Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201. Maybe a ipfw ruleset on 192.168.1.1 could do the trick? You could use ipfw+natd to map between your 192.168 and 10.5 networks, yes. However, if the only reason you have your 10.5 network around is to terminate your VPN or PPTP sessions, it sounds like it would be easier to simply move them to terminating on the 192.168 network instead. Maybe you've got more going on with the 10.5 network, or maybe there are other reasons for the split, but you control your internal address space, so if you want everybody using the VPN to be able to talk to various 192.168 addresses, it's better to set up the VPN to go onto that, IMHO... Ok. Thanks a lot. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Make a jail visible in different networks
On May 14, 2007, at 12:09 PM, Juan Sosa wrote: There are a number of approaches: the simplest involve either adding static routes between your 10.5.1/24 subnet and your 192.168.1/24 subnet, or setting up additional VPN endpoint on the 192.168.1/24 network, or using NAT to map the jail IP onto the 10.5.1/24 netblock. Without knowing your topology, it's hard to make more specific recommendations. So sorry for my duplicated message. No harm done. It's just that sometimes people get a little enthusiastic about trying to get quick responses. :-) In my network, 192.168.1.1 xl0 is linked to other remote server through tun0 with (routed)openvpn. As I said before, I'm also running mpd4 listening on ng0, and a jail with samba services on 192.168.1.10 xl0 alias. Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201. Maybe a ipfw ruleset on 192.168.1.1 could do the trick? You could use ipfw+natd to map between your 192.168 and 10.5 networks, yes. However, if the only reason you have your 10.5 network around is to terminate your VPN or PPTP sessions, it sounds like it would be easier to simply move them to terminating on the 192.168 network instead. Maybe you've got more going on with the 10.5 network, or maybe there are other reasons for the split, but you control your internal address space, so if you want everybody using the VPN to be able to talk to various 192.168 addresses, it's better to set up the VPN to go onto that, IMHO... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Make a jail visible in different networks
Chuck Swiger escribió: Hi-- On May 14, 2007, at 10:30 AM, Juan Sosa wrote: I have a freebsd server (192.168.1.5) running a NATed jail (192.168.1.10). I set up mpd4 on this server in order to allow M$ clients access our 10.5.1.0/24 vpn. Since jails can´t have more than one ip address, is there a way to make 192.168.1.10 visible to the 10.5.1.0/24 network without changing the jail ip address? Summarizing, I need to have my jail serving in both LAN and VPN networks. Any suggestions? There are a number of approaches: the simplest involve either adding static routes between your 10.5.1/24 subnet and your 192.168.1/24 subnet, or setting up additional VPN endpoint on the 192.168.1/24 network, or using NAT to map the jail IP onto the 10.5.1/24 netblock. Without knowing your topology, it's hard to make more specific recommendations. So sorry for my duplicated message. In my network, 192.168.1.1 xl0 is linked to other remote server through tun0 with (routed)openvpn. As I said before, I'm also running mpd4 listening on ng0, and a jail with samba services on 192.168.1.10 xl0 alias. Openvpn link is formed by 192.168.1.1 (10.5.1.1) and the remote server (10.5.1.2). The PPTP ng0 interface has 10.5.1.201. Maybe a ipfw ruleset on 192.168.1.1 could do the trick? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Make a jail visible in different networks
Hi-- On May 14, 2007, at 10:30 AM, Juan Sosa wrote: I have a freebsd server (192.168.1.5) running a NATed jail (192.168.1.10). I set up mpd4 on this server in order to allow M$ clients access our 10.5.1.0/24 vpn. Since jails can´t have more than one ip address, is there a way to make 192.168.1.10 visible to the 10.5.1.0/24 network without changing the jail ip address? Summarizing, I need to have my jail serving in both LAN and VPN networks. Any suggestions? There are a number of approaches: the simplest involve either adding static routes between your 10.5.1/24 subnet and your 192.168.1/24 subnet, or setting up additional VPN endpoint on the 192.168.1/24 network, or using NAT to map the jail IP onto the 10.5.1/24 netblock. Without knowing your topology, it's hard to make more specific recommendations. -- -Chuck PS: Also, no need to ask the same question twice ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"