The FreeBSD Diary

Providing practical examples since 1998

 ezjail and natd
Author: Salvor Hardin 
Date:   07-07-08 22:04

Good article. Ezjail is incredibly useful. I combine it with NATD to create a bunch of jails all accessible through one public IP address. I encode each jail's unique ports in the last octet of the private IP address space, using NATD directives like this:

log yes

# JAIL 10
redirect_port tcp 1022
redirect_port tcp 1080

# JAIL 11
redirect_port tcp 1122
redirect_port tcp 1180
redirect_port tcp 11443

Each jail's services are on unique ports, using URLs like, for example, and ssh -p 1122. The only problem I have had is that some of our large corporate clients block all incoming and outgoing ports above 999. Baffling, but true!

Ezjail and natd help us leverage a single inexpensive server to host 35 development environments. Very cool!

The numbering scheme limits me to 56 jails, because port numbers top out at 65535, making 65443 the highest available https port. We've never come close to topping that out, so this works very well for us.

 Re: ezjail and natd
Author: tld 
Date:   26-08-08 10:39

Rather than using natd, you could probably do just fine with pf. That'd get you out of all the packets having to go to userland and back as well.
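
Added example, not code from either poster: a generator for the numbering scheme in the first post (public port = jail number followed by service port) that emits both natd redirect_port lines and the equivalent pf rdr rules suggested in the reply. The 10.0.0.0/24 jail subnet, the $ext_if macro and the function names are assumptions; the thread does not give them.

```python
# Added example: generates natd and pf redirects for the thread's port scheme.
JAIL_NET = "10.0.0"   # assumption: jail subnet is not given in the thread
MAX_PORT = 65535


def public_port(jail, service_port):
    """Concatenate jail number and service port, e.g. jail 11 + 443 -> 11443."""
    if not 1 <= jail <= 254:
        raise ValueError(f"jail {jail} is not a usable last octet")
    if not 1 <= service_port <= MAX_PORT:
        raise ValueError(f"invalid service port {service_port}")
    port = int(f"{jail}{service_port}")
    if port > MAX_PORT:
        raise ValueError(f"jail {jail} port {service_port} -> {port} > {MAX_PORT}")
    return port


def build_rules(jails):
    """Return (natd_lines, pf_lines) for {jail_number: [service ports]}.

    Concatenation is ambiguous (jail 1 port 122 and jail 11 port 22 both
    give 1122), so a public port claimed twice is rejected.
    """
    claimed = {}
    natd, pf = ["log yes"], []
    for jail, services in sorted(jails.items()):
        natd.append(f"# JAIL {jail}")
        for svc in services:
            pub = public_port(jail, svc)
            if pub in claimed:
                raise ValueError(f"port {pub} claimed by {claimed[pub]} and {(jail, svc)}")
            claimed[pub] = (jail, svc)
            target = f"{JAIL_NET}.{jail}"
            # natd.conf: redirect_port proto targetIP:targetPORT aliasPORT
            natd.append(f"redirect_port tcp {target}:{svc} {pub}")
            # pf.conf: $ext_if is a macro assumed to be defined elsewhere
            pf.append(f"rdr on $ext_if proto tcp from any to any "
                      f"port {pub} -> {target} port {svc}")
    return natd, pf


if __name__ == "__main__":
    # Constructed input mirroring the two jails shown in the first post.
    natd_lines, pf_lines = build_rules({10: [22, 80], 11: [22, 80, 443]})
    print("\n".join(natd_lines))
    print("\n".join(pf_lines))
```

Every generated line is a service reachable from the public address, so the output doubles as an inventory of exposed ports to review before loading it.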
