[HOWTO]NAT for Jails and single IP (VPS).

#1

Post by Andy22 » 20 Mar 2014 11:30

Hi,

Short guide on how to enable NAT for Jails, so you can use Jails with a single external IP, like on a remote VPS. I'm no expert, but this setup did work for me; if you notice some strange parts, feel free to correct!
NOTE: em0 is my external interface with a single public routable IP.

[loader.conf]
ipfw_nat_load="YES"

[rc.conf]
gateway_enable="YES"
firewall_nat_enable="YES"
firewall_nat_interface="em0"

[sysctl.conf]
net.inet.ip.forwarding=1
# next lines are not needed for NAT, but I have those added since I need them for the backup application
security.jail.allow_raw_sockets=1
security.jail.sysvipc_allowed=1

I use a "nat_on.sh" script to add the ipfw rules, which is started right after the Jail starts via TheBrig's Addition Parameters "exec.poststart=/mnt/DataSYS/nat_on.sh"

I use "192.168.1.1/29" as my Jail IP range.

nat_on.sh

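Code:

#!/bin/sh
fwcmd="/sbin/ipfw"

############
# Flush out the list before we begin.
${fwcmd} -f flush

# Allow all traffic on the loopback interface.
${fwcmd} add 100 pass all from any to any via lo0

# Pass outbound jail traffic and inbound traffic for the external IP through NAT instance 1.
# Replace {your external single IP} with the public address of em0.
${fwcmd} add nat 1 all from 192.168.1.1/29 to any out via em0
${fwcmd} add nat 1 all from any to {your external single IP} in via em0
# Bind NAT instance 1 to the external interface.
${fwcmd} nat 1 config if em0

I don't need to have the IPFW service actually enabled for this to work, which confuses me?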

Inside TheBrig you now use the "192.168.1.1/29" range for your Jails and you should have external access. You should also be able to add rules to access sshd/webserver inside a Jail, but I did not test this.

bye
Andy


PS: I actually use this to get Duplicati 2.0 running via mono inside a Jail, so it can back up some read-only mounts to S3. The 2.0 version is experimental, so this way inside a Jail + read-only access nothing can happen :p

#2

Post by Andy22 » 23 Mar 2014 15:37

Short notice: the external public IP is static in my case of a VPS, so if you have a dynamic public IP you need to acquire the IP first and use a variable instead.
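
An added example (not part of the original thread) of the variable-based approach mentioned in the post above: it reads the external IPv4 address from ifconfig output, validates it, and only then builds the same four ipfw rules as nat_on.sh. The function names and the sample ifconfig text are assumptions made for illustration; em0 and 192.168.1.1/29 are taken from the first post.

```shell
#!/bin/sh
# Added example, not from the thread. em0 and 192.168.1.1/29 come from the
# first post; every function name here is hypothetical.
IFACE="em0"
JAIL_NET="192.168.1.1/29"
FWCMD="/sbin/ipfw"

# Print the first IPv4 address found in ifconfig(8) output read from stdin.
ext_ip_from_ifconfig() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only for a dotted quad whose octets are all in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the ipfw argument lists, one per line, for external IP $1.
nat_rules() {
    valid_ipv4 "$1" || { echo "bad external IP: '$1'" >&2; return 1; }
    echo "add 100 pass all from any to any via lo0"
    echo "add nat 1 all from ${JAIL_NET} to any out via ${IFACE}"
    echo "add nat 1 all from any to $1 in via ${IFACE}"
    echo "nat 1 config if ${IFACE}"
}

# Flush and reinstall the rules; the ruleset is left alone if the IP is bad.
apply_nat() {
    rules=$(nat_rules "$1") || return 1
    "$FWCMD" -f flush
    printf '%s\n' "$rules" | while read -r args; do "$FWCMD" $args; done
}

# Constructed sample of FreeBSD ifconfig output (documentation address).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:00:5e:00:53:01
	inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255'

# On the host, as root:
#   apply_nat "$(ifconfig "$IFACE" | ext_ip_from_ifconfig)"
```

If the interface has no address yet (for example before the DHCP lease arrives), nat_rules fails and the existing ruleset is not flushed.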

#3

Post by Squallsnext » 25 Jan 2015 12:19

Hi and sorry for my bad English. I have a question about the jail and your HOWTO.
I have one jail with another IP. But my NAS and the Jail have the same MAC address. Can this instruction fix the problem?

#4

Post by milan456 » 05 Mar 2017 17:07

Hi,

I tried to follow the above settings on NAS4free 10.2 but without success. I installed TheBrig and configured a jail, but I don't get internet access from within the jail (as tested by pkg update). The system has a single NIC which is connected to the internet via DHCP, the host system works as expected.
Maybe this is a stupid question, but the settings need to be done to the loader.conf, rc.conf etc. files of the host system or to the files within the jail?
Has someone else gotten this to work? Is there something missing in the above settings which I have to consider?
Any help is welcome...
