BSDStore
management and repository for FreeBSD jails

Working with NAT


Attention! I apologize, but this text is an automatic machine translation. You can improve it by sending me a more correct version of the text or by fixing the HTML pages via the GITHUB repository.

Commands:

% cbsd natcfg
% cbsd naton
% cbsd natoff
Description:

Jails do not always need an external IP address, and for security reasons some services are deployed on private IPs so that they are not reachable from the Internet. Such jails may still need Internet access themselves.

In this case NAT translates the private IP addresses of the jails to the external IP of the server. cbsd provides a configuration template of NAT rules for translating the RFC1918 private networks.

To set this up, first run the command:
cbsd natcfg
to select the framework for which the NAT configuration will be loaded: pf, ipfw or ipnat.

Attention! When you configure this, the node's system file /boot/loader.conf will be modified to load the appropriate modules.

The chosen framework is also stored in the file $workdir/nc.inventory as a record:


nat_enable="name_of_framework"

The IP that will be used as the source address is requested when you first run cbsd initenv and is stored in the file $workdir/nc.inventory in the form natip="IP", where it can be changed later.

For a modified natip to take effect, you must run cbsd natcfg and cbsd naton again.

Currently, the NAT configuration in cbsd is limited to creating rules for translating private networks. If you need more than a simple NAT rule, you can manually edit the generated rules file in the directory $workdir/etc/:

pfnat.conf, when PF is used
ipfw.conf, when IPFW is used, or
ipnat.conf, when using IPNAT from IPFilter


Note:
If nodeip (the IP of the node) is itself within one of the RFC1918 networks, no NAT translation rule will be created for that subnet.

To disable NAT control by cbsd, use the following command:


cbsd natoff
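
A pre-flight check of the settings described on this page, as an added example that is not part of cbsd or of its documentation: it reads nat_enable and natip from an inventory file and reports which RFC1918 networks would be translated, following the note about nodeip above. The function names, the sample inventory and passing nodeip as an argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not cbsd code): pre-flight check of the NAT settings
# described above. The file is parsed with sed, never sourced.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# rfc1918_net IP -> the RFC1918 network containing IP, or nothing
rfc1918_net() {
    ip=$(ip_to_int "$1")
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        base=$(ip_to_int "${net%/*}")
        mask=$(( (0xFFFFFFFF << (32 - ${net#*/})) & 0xFFFFFFFF ))
        if [ $(( $ip & $mask )) -eq "$base" ]; then echo "$net"; fi
    done
    return 0
}

# inv_get FILE KEY -> value of the last KEY="value" record in FILE
inv_get() {
    sed -n 's/^'"$2"'="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# nat_audit FILE NODEIP -> one finding per line
nat_audit() {
    fw=$(inv_get "$1" nat_enable)
    natip=$(inv_get "$1" natip)
    case "$fw" in
        pf|ipfw|ipnat) echo "framework: $fw" ;;
        *) echo "framework: not set, run cbsd natcfg" ;;
    esac
    echo "natip: ${natip:-missing}"
    skip=$(rfc1918_net "$2")
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        if [ "$net" = "$skip" ]; then echo "skip: $net contains nodeip $2"
        else echo "nat: $net -> ${natip:-missing}"; fi
    done
}

# Constructed sample inventory; 203.0.113.5 is a documentation address.
inv=$(mktemp)
printf '%s\n' 'natip="203.0.113.5"' 'nat_enable="pf"' > "$inv"
nat_audit "$inv" 192.168.1.10
rm -f "$inv"
```

On a real node, point nat_audit at $workdir/nc.inventory and pass the node's own IP as the second argument.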