My host machine acts as a gateway and has a simple firewall setup with
ipfw and natd. There are no problems with other computers on the local
network or the host machine in accessing the internet with this setup.

However, I'm having problems getting jails on the host PC to access
the internet. Jails can access the host PC and vice versa, but not
external IP addresses from within a jail.

My host pc has ip and aliased as well as
(jail ip).

What am I missing to allow jails to access the internet via ipfw/nat?
Any help would be much appreciated.

More settings below:

natd flags are: -dynamic yes -s -p -n tun0

my ipfw setup:

#firewall command
# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via tun0

# Allow all connections that have dynamic rules built for them,
# but deny established connections that don't have a dynamic rule.
# See ipfw(8) for
$fwcmd add check-state
$fwcmd add deny tcp from any to any established

#Allow all localhost connections
$fwcmd add allow tcp from me to any out via lo0 setup keep-state
$fwcmd add deny  tcp from me to any out via lo0
$fwcmd add allow ip  from me to any out via lo0 keep-state

# Allow all connections from my network card that I initiate
$fwcmd add allow tcp from me to any out xmit any setup keep-state
$fwcmd add deny  tcp from me to any
$fwcmd add allow ip from me to any out xmit any keep-state

# Allow all local connections
$fwcmd add allow tcp from any to any via fxp0 setup keep-state
$fwcmd add allow ip from any to any via fxp0 keep-state

#Allow IP fragments through
$fwcmd add pass all from any to any frag

# Allow ICMP (for ping and traceroute to work).
$fwcmd add allow icmp from any to any

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to me 113 in recv any

# Deny all the rest.
$fwcmd add deny log ip from any to any
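Added trace (not part of the post) that walks the posted rule order for three flows under a simplified model of natd and ipfw dynamic rules; every address is constructed, since the post elides the real ones, and natd's session table is reduced to a destination-keyed map.

```python
# Constructed addresses: the post elides the real ones.
LAN_CLIENT, HOST_FXP0, JAIL = "192.168.1.10", "192.168.1.1", "192.168.1.2"
HOST_TUN0, EXT = "203.0.113.5", "198.51.100.7"
ME = {HOST_FXP0, JAIL, HOST_TUN0}   # ipfw "me": every address on the host, aliases included

nat_table = {}   # destination -> pre-NAT source; a simplification of natd's session table
state = set()    # frozenset({src, dst}) created by keep-state, matched by check-state

def natd(p):
    """Model 'divert natd ... via tun0' with natd -n tun0: rewrite the source of
    packets leaving tun0 to the tun0 address, restore the destination on the way in."""
    if p["iface"] != "tun0":
        return p
    if p["dir"] == "out":
        nat_table[p["dst"]] = p["src"]
        return {**p, "src": HOST_TUN0}
    orig = nat_table.get(p["src"])
    return {**p, "dst": orig} if orig else p

def ipfw(p):
    """Walk the posted rule order for one leg of a TCP packet; return the verdict."""
    p = natd(p)                                  # divert natd all from any to any via tun0
    key = frozenset((p["src"], p["dst"]))
    if key in state:                             # check-state
        return "allow (check-state)"
    if p["established"]:                         # deny tcp from any to any established
        return "deny (established, no dynamic rule)"
    if p["src"] in ME and p["dir"] == "out":     # allow tcp from me to any out xmit any setup keep-state
        state.add(key)
        return "allow (from me, keep-state)"
    if p["src"] in ME:                           # deny tcp from me to any
        return "deny (tcp from me)"
    if p["iface"] == "fxp0":                     # allow tcp from any to any via fxp0 setup keep-state
        state.add(key)
        return "allow (via fxp0, keep-state)"
    return "deny (default)"                      # deny log ip from any to any

def trace_flow(client):
    """Verdicts for a constructed handshake from client to EXT: SYN legs, then the SYN-ACK."""
    state.clear(); nat_table.clear()
    syn, legs = dict(src=client, dst=EXT, established=False), []
    if client == LAN_CLIENT:                     # a LAN host's SYN is first received on fxp0
        legs.append(ipfw({**syn, "dir": "in", "iface": "fxp0"}))
    legs.append(ipfw({**syn, "dir": "out", "iface": "tun0"}))
    reply = dict(src=EXT, dst=HOST_TUN0, dir="in", iface="tun0", established=True)
    legs.append(ipfw(reply))                     # SYN-ACK arrives addressed to the tun0 address
    return legs

if __name__ == "__main__":
    for name, client in [("LAN client", LAN_CLIENT), ("host", HOST_TUN0), ("jail", JAIL)]:
        print(name, "->", trace_flow(client))
```

In this model the LAN client's dynamic rule is created on the fxp0 leg with its pre-NAT address, so the translated reply matches check-state, whereas the jail's packet only ever passes the tun0 leg after natd has rewritten its source, so the reply addressed to the jail finds no dynamic rule and falls to the `deny tcp from any to any established` rule.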
