
Revised: FreeBSD 10, Multiple I.P's, port forwarding > jails.


zzz
11-11-2014, 11:36
Firstly, thanks to all that have commented on my previous post, and to the OVH team. I have had some discussions and confirmed that opening the second adapter is not available on my plan; however, in discussions I can block ports on certain I.P's - thus *hopefully* allowing me to forward traffic to the jails in question and *hopefully* allowing me to allocate jails to their respective I.Ps - well, that is what I am hoping for and thus asking about....

So it's 9:45 am of my first day of a SYS-IP-1 dedicated server. Installed FreeBSD 10 last night and settled in to try and get familiar with it, as I thought my (previous post) case of em0 and em1 and forwarding traffic to physical adapters would be simple enough to do. Now, after a discussion and new direction, I am putting the new challenge here, as I have done a few things but not worked with blocks of I.Ps before.

So normal procedure (as of owning a previous Kimsufi server) would be to fire up the installer for FreeBSD 10, wait for my login pass, ssh into my box, install ports, install my (overly simplified) nano editor...

Previously I created, for one I.P and eth0, a lo1 loopback (rc.conf) and used rules based on ports (pf.conf) on my main I.P to forward ports to internal I.P ranges created on the lo1 adapter. ezjail and allocating those I.Ps worked fine. This test case is perfectly fine if you plan on doing things *normally*.


Now I am pretty new to all this, and this is where I am becoming a little stumped. I need to *know* (as in sense - or whatever the right word is) what traffic is coming from what *external I.P* on my em0 adapter.

Now I understand the magic is in how I deal with rc.conf and pf.conf.

How do I assign more than one alias to my em0 adapter? I have 16 I.P's that currently direct to my server - can someone here show me a rule for 3 that I could extend upon? Goal is as follows:

Write whatever needs to be placed in rc.conf to deal with the 16 individual I.P's and point them to a lo1 loopback adapter, or lo2, lo3 etc., so that each external I.P and its port (i.e. 80) gets routed to an internal I.P and port (i.e. 192.168.0.2 - port 80), but this should allow for more external I.Ps needing 80 to traverse to their own internal I.P.... Anyone seeing the sense here?

Here's the scenario:

A few jails: mysql jail, nginx jail, php-fpm and php jail etc.

These are all going into a group of jails I will dub "web jails"

Then there's a few oddities - mono.

mono needs to use a variety of ports and it needs to use 80 and receive on it, depending on what .exe I run. I plan on running more odd apps like this later so that I can interface *eventually* with my web apps. However, I need a plan to be able to utilise separation. I would prefer to use FreeBSD here.

So, while I look for a method to modify my rc.conf and/or my pf.conf to deal with traffic on my I.P ranges (which I am told is probably going to be nowhere to be found but can be done), and while I have just realised I have been given info relating to making eth0 etc. - which is Linux-based advice - does anyone here know how to forward ports based on traffic from specific I.Ps I own but picking it up on one adapter?

Am I really limited to two aliases per adapter?

10:30 and hoping I can get some advice while I trawl FreeBSD sites.
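
The layout asked about above, sketched as an added example that is not part of the original post: a small sh script that prints the rc.conf alias lines and the pf.conf translation rules for three external addresses, each mapped to its own jail address on lo1. The 203.0.113.x addresses are constructed placeholders (RFC 5737 documentation range), and the helper names `jail_ip`, `gen_rc_conf` and `gen_pf_conf` are hypothetical.

```shell
#!/bin/sh
# Constructed sample data: 203.0.113.x stands in for the real external IPs;
# 192.168.0.x is the internal jail range mentioned in the post.
EXT_IF="em0"
JAIL_IF="lo1"
EXT_IPS="203.0.113.1 203.0.113.2 203.0.113.3"   # extend this list up to all 16
PORT=80

# Jail address paired with the n-th external IP (n from 0): 192.168.0.2, .3, ...
jail_ip() { echo "192.168.0.$(( $1 + 2 ))"; }

# rc.conf: one alias per external IP on em0, one per jail IP on the cloned lo1.
# Alias numbers must run consecutively from alias0; rc stops at the first gap.
gen_rc_conf() {
    echo "cloned_interfaces=\"$JAIL_IF\""
    n=0
    for ip in $EXT_IPS; do
        echo "ifconfig_${EXT_IF}_alias${n}=\"inet $ip netmask 255.255.255.255\""
        echo "ifconfig_${JAIL_IF}_alias${n}=\"inet $(jail_ip "$n") netmask 255.255.255.255\""
        n=$(( n + 1 ))
    done
}

# pf.conf translation rules: the rdr destination address selects the jail, so
# every external IP can use port 80; nat makes each jail leave via its own IP.
# Filter rules (block/pass) belong in the rest of pf.conf and are not generated.
gen_pf_conf() {
    n=0
    for ip in $EXT_IPS; do
        echo "nat on $EXT_IF inet from $(jail_ip "$n") to any -> $ip"
        n=$(( n + 1 ))
    done
    n=0
    for ip in $EXT_IPS; do
        echo "rdr on $EXT_IF inet proto tcp from any to $ip port $PORT -> $(jail_ip "$n") port $PORT"
        n=$(( n + 1 ))
    done
}

gen_rc_conf
gen_pf_conf
```

Review the printed lines before adding them to /etc/rc.conf and /etc/pf.conf, and check the ruleset with `pfctl -nf /etc/pf.conf` before loading it.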