Recent versions of theBrig offer a vnet option for jail networking. With it, theBrig creates an epair virtual cable for the jail and connects it to a given interface via a bridge. That is good if you want to attach the jail to the main network, but I wanted to hide my jails behind a firewall and communicate with the world by NAT.
Here are the steps:
- go to the "Network/Interface Management" menu, "VLAN" tab, and create a VLAN for your main interface
- make it available to the whole system by adding a new interface on the "Management" tab (named automatically as OPT1 or similar)
- in theBrig jail creation GUI (network section) select vnet
- on the host side (epairXa) the IP should be the same for all jails, as it will be set on the bridge (e.g. 10.0.0.1/24)
- on the jail side pick any address you wish within the subnet range (e.g. 10.0.0.123)
- save the config
The only thing left is configuring NAT for the whole subnet, the same way you would for a physical NIC connected to a switch.
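
As an added example (not part of the original post or of theBrig), the sketch below checks that a jail address really sits inside the bridge subnet and then prints the commands for that NAT step. It assumes the host firewall is ipfw with in-kernel NAT; the outbound interface name `em0`, the NAT instance number and the rule numbers 100/110 are hypothetical and must be fitted to the existing ruleset.

```shell
# Added example: constructed values, not from theBrig or the original post.
# Assumptions: ipfw in-kernel NAT on the host; em0 is a hypothetical WAN NIC.

# Convert a dotted-quad IPv4 address to an integer; fails on malformed input.
ip_to_int() {
    echo "$1" | grep -Eq '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when IP ($1) lies inside CIDR ($2), e.g. 10.0.0.123 in 10.0.0.0/24.
ip_in_subnet() {
    net=${2%/*}; bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 1;; esac
    [ "$bits" -le 32 ] || return 1
    ip=$(ip_to_int "$1") || return 1
    base=$(ip_to_int "$net") || return 1
    mask=$(( $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $ip & $mask )) -eq $(( $base & $mask )) ]
}

# Print ipfw commands that NAT the jail subnet ($1) out via interface ($2).
# Refuses odd interface names and a jail address ($3) outside the subnet.
nat_rules() {
    case $2 in ''|*[!A-Za-z0-9_.]*) echo "bad interface name" >&2; return 1;; esac
    ip_in_subnet "$3" "$1" || { echo "jail $3 not in $1" >&2; return 1; }
    cat <<EOF
sysctl net.inet.ip.forwarding=1
kldload -n ipfw_nat
ipfw nat 1 config if $2 same_ports unreg_only reset
ipfw add 100 nat 1 ip from $1 to any out via $2
ipfw add 110 nat 1 ip from any to any in via $2
EOF
}

# Values from the steps above: bridge subnet 10.0.0.0/24, jail 10.0.0.123.
nat_rules 10.0.0.0/24 em0 10.0.0.123
```

The script only prints the commands; review them against the rules already loaded before running them on the host, since rule order decides which traffic is translated.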