Make jail available to bind only certain ports

qorg11

qorg11

I want to create a Jail with a public IP address. But as we have IPv4 address shortage. I want to only make the jail able to bind to a range of ports (say 700 to 750).

I asked in the IRC and one answer was to use pf to NAT ports from/to the jail.
 
qorg11 said:
I want to only make the jail able to bind to a range of ports (say 700 to 750).
Click to expand...
What's running on that jail? I mean, why all those ports?

qorg11 said:
I asked in the IRC and one answer was to use pf to NAT ports from/to the jail.
Click to expand...
Yes. That's a good way to do this. Bind the jail to lo1 and NAT the incoming traffic.

You could just bind the jail directly to the external IP address. But you obviously cannot bind more than one service to a single port.
 
What's running on that jail? I mean, why all those ports?
Click to expand...
No particular reason. It's just a "VPS" I give to friends that's actually a jail. So they can use the jail to use some port agnostic services. Such as XMPP, or a Minetest server.

NATing the jail worked. If someone also wants to do this, this is the configuration that worked for me:

Code: 
nat on $ext_if from 127.0.0.0/24 to any -> $SERVER_ADDRESS
rdr on $ext_if proto tcp from any to any port 1700:1720 -> 127.0.0.255
 
You must log in or register to reply here.
Back
Top