In experimenting with jails, I've had a need to put them on machines in which I didn't have extra public IP addresses to assign to the NIC. Turns out you can easily assign private addresses to an interface, and set up NAT (Network Address Translation) to allow the jails access to the rest of the world.
The loopback interface lo0 seems to work pretty well for this. On one machine I put ezjail on, I just picked the IP block out of my hat, and added an alias address on-the-fly with this command:
ifconfig lo0 alias 10.51.50.1 netmask 255.255.255.255
To make it happen at boot time, add this to
ifconfig_lo0_alias0="inet 10.51.50.1 netmask 255.255.255.255"
To set up FreeBSD's PF to NAT to the 10.51.50.x block, this goes in /etc/pf.conf, after any but before any pass type rules:
nat on $ext_if from 10.51.50.0/24 to any -> $ext_if
Reload the PF configuration with:
pfctl -f /etc/pf.conf
On another machine, I did mostly the same setup, except for using 127.x.x.x numbers. Not sure if there's any advantage one way or the other; both machines seemed to work pretty much the same.
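
The placement of the nat line in /etc/pf.conf matters because PF groups its statements as options, normalization (scrub), queueing, translation, then filtering. The script below is an added example, not part of the original post: it lints a pf.conf for that ordering. The interface name em0, the sample filter rules and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Checks that the jail NAT rule
# sits where PF expects it: pf.conf statements are grouped as options,
# normalization (scrub), queueing, translation (nat/rdr), then filtering.

# sample_pf_conf: print a constructed pf.conf; the interface name em0 and
# the filter rules are assumptions, only the nat line comes from the post.
sample_pf_conf() {
    cat <<'EOF'
ext_if = "em0"
scrub in all
nat on $ext_if from 10.51.50.0/24 to any -> $ext_if
block in all
pass out all keep state
EOF
}

# check_nat_order FILE NET
# returns 0: a "nat ... from NET" rule exists above every pass/block rule
# returns 1: the nat rule appears after a filter rule
# returns 2: no nat rule for NET was found
check_nat_order() {
    awk -v net="$2" '
        NF == 0 || $1 ~ /^#/ { next }                 # skip blanks and comments
        $1 == "pass" || $1 == "block" { if (!filter) filter = NR }
        $1 == "nat" && index($0, "from " net) {
            found = 1
            if (filter) {
                printf "line %d: nat rule follows filter rule on line %d\n", NR, filter
                bad = 1
            }
        }
        END {
            if (!found) { print "no nat rule for " net; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Demo on the constructed sample; point it at /etc/pf.conf on a real host.
tmp=$(mktemp)
sample_pf_conf > "$tmp"
check_nat_order "$tmp" 10.51.50.0/24 && echo "nat rule ordering OK"
rm -f "$tmp"
```

On the FreeBSD host itself, pfctl -nf /etc/pf.conf parses the file without loading it, and pfctl -s nat lists the translation rules that are currently loaded.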