Attention! Current pages describe cbsd version 10.0.3. If you are using an older version, please update first.
Attention! I'm apologize, but it is automatic machine translation of the text. You can improve it if will send to me more correct version of the text or fix html pages via GITHUB repository.
Working with NAT
natcfg, naton, natoff commands
% cbsd natcfg
% cbsd naton
% cbsd natoff
Description:
Jails do not always require external IP, or, for security reasons, a number of services need to deploy on private IPs, so they were not available from the Internet. Thus, the jails may be needed for Internet access.
In this case the NAT translating the private IP address of the jails to external IP of the server. CBSD functional has a configuration template NAT rules for translating of private networks RFC1918. To do this, this command as the first step is required:
% cbsd natcfg
for selecting the appropriate framework for which the configuration will be loaded NAT: pf, ipfw and ipnat.
Attention! When you configure this, system file /boot/loader.conf nodes will be modified to load the appropriate modules.
Selection framework and IP for NAT alias executed when you first start cbsd initenv, can later be reconfigured through cbsd initenv-tui To natip changed in force, you must run cbsd natcfg and cbsd naton again. Currently, the cbsd configuration NAT limited to the creation of rules for translating private networks. If you need to get something more from simple NAT rule, you can edit the rules file created manually in the directory $workdir/etc/ in files:
- pfnat.conf, when PF is used
- ipfw.conf, when IPFW is used, or
- ipnat.conf, wnen using IPNAT from IPFilter
Note:
If nodeip (IP of nodes), he is within RFC1918 networks for the subnet broadcast NAT rule will not be created. To disable nat control by CBSD, use the follow command:
% cbsd natoff