From: Christer Solskogen
To: freebsd-jail@freebsd.org
Date: Sun, 14 Mar 2010 09:40:53 +0100
Subject: ftp-proxy on jails on lo1

I've been setting up my jails on a cloned interface called lo1
(127.0.1.0/24) - and it seems jails are having a bit of a problem
using ftp in passive mode even when I think I've set things up
correctly. The only jail that is not on lo1 (192.168.0.4) is not
having any issues connecting to an ftp server.

pf.conf::

    int_if="em0"
    jif="lo1"
    db1="127.0.1.1"
    web="127.0.1.2"
    proxy="127.0.1.3"
    imap="127.0.1.6"
    tomcat="127.0.1.8"
    ns="192.168.0.4"
    postgres="127.0.1.9"

    nat on $int_if from $jif:network to any -> ($int_if)
    nat-anchor "ftp-proxy/*"
    rdr-anchor "ftp-proxy/*"
    rdr pass proto tcp from any to any port 21 -> 127.0.0.1 port 8021

    #redirects to jails
    rdr pass on $int_if proto tcp from any to any port 8180 -> $tomcat
    rdr pass on { $int_if, lo0 } proto tcp from any to any port { 80, 443, 993 } -> $proxy
    rdr pass on $int_if proto { tcp, udp } from any to ($int_if) port domain -> $ns
    rdr pass on $int_if proto tcp from any to ($int_if) port 5432 -> $postgres

    anchor "ftp-proxy/*"
    pass all keep state

and ftp-proxy is really running:

    shine# sockstat -4 | grep ftp
    proxy    ftp-proxy  94980 3  tcp4   127.0.0.1:8021        *:*

Any clues?

-- 
chs,