The steps below are for a VNET jail.
There are two options to get Internet connectivity for jails:
NAT is probably the easiest method for most cases.
Follow these steps to get Internet connectivity inside a jail with NAT (handled in PF):
net.inet.ip.forwarding=1 # Enable IP forwarding between interfaces
net.link.bridge.pfil_onlyip=0 # Only pass IP packets when pfil is enabled
net.link.bridge.pfil_bridge=0 # Packet filter on the bridge interface
net.link.bridge.pfil_member=0 # Packet filter on the member interface
Assign an IP to your bridge0 ifconfig 10.1.1.254/24 up (this will become the default GW for the jail)
Add your physical interface (example em0) to bridge0 ifconfig bridge0 addm em0 up
Configure jail Interfaces ifconfig vnet0 10.1.1.10/24 up
nameserver 194.132.32.32
nameserver 46.246.46.246
Exit from chroot
Configure outbound NAT (“Real world example with VNET, NAT, PF, IPFW and port forwarding”)
Start jail iocage start UUID
Drop into jail iocage console UUID
ping default gateway 10.1.1.254, you should have a reply!
ping Internet addresses, if all is good you should have Internet access now!