# Redirecting Public IPs to jails



## Hombrus (Jul 30, 2015)

I am currently working with FreeBSD for the first time. My plan is to set up a server where I have several jails. Currently, I am planning on running three of them: a webserver, an owncloud server and a Teamspeak 3 server.

I got it running so far that I currently have one jail with an NGINX server which is accessible over the internet with my main IP 46.165.XXX.XXX. This is my pf.conf:

```
# INTERFACES
ext_if="bge0"
int_if="lo1"
jailnet=$int_if:network

# Name and IP of jails
WEBSERVER="10.1.1.1"

# NAT
nat on $ext_if from $jailnet to any -> ($ext_if)

# Redirect any packets requesting port 80 or 443 to jail "WEBSERVER"
rdr pass on $ext_if inet proto tcp to port http -> $WEBSERVER port http
rdr pass on $ext_if inet proto tcp to port https -> $WEBSERVER port https
```

This works perfectly, I can access it via the IP, both HTTP and HTTPS work.

Now my next step would be to create another jail (no problems there) but it has to be accessible via another IP 37.58.XXX.XXX.

What changes would I have to introduce into my pf.conf?


----------



## scottro (Jul 30, 2015)

Is that going to be on the same interface?  If not, then it should be easy.  You have your $ext_if so just make another, say, ext_if1.   You could also make your macro by IP address rather than interface, so host1 as one IP and host2 as another.  

That answer is fairly simple, making me wonder if I've misunderstood the question. If so, I apologize.


----------



## SirDice (Jul 31, 2015)

Something like this should work:

```
ext_ip1="1.2.3.4"
ext_ip2="4.3.2.1"

jail_ip1="10.0.0.1"
jail_ip2="10.0.0.2"

ext_if="bge0"
int_if="lo1"

nat on $ext_if from $jail_ip1 to any -> $ext_ip1
nat on $ext_if from $jail_ip2 to any -> $ext_ip2

rdr on $ext_if inet proto tcp from any to $ext_ip1 port 80 -> $jail_ip1 port 80
rdr on $ext_if inet proto tcp from any to $ext_ip2 port 80 -> $jail_ip2 port 80
```

Make sure both external addresses are bound to $ext_if.


----------

