Date: Thu, 17 Jun 2010 21:58:50 +0200
From: David DEMELIER <demelier.david@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Problem filtering port between host and jail.
Message-ID: <AANLkTimWP41RhxR24Y-Vupq-gqDvZApe-ryIGS6BnXi3@mail.gmail.com>

Hi,

Because I don't want to enable jail_sysvipc, I installed PostgreSQL on
my host and it works fine. The problem is accessing a database from
within a jail. The jails are NAT'ed and they can connect to the Internet.

However, trying

psql -h 192.168.1.23 -U markand markanddb

times out and says:

psql: could not connect to server: Operation timed out
        Is the server running on host "192.168.1.23" and accepting
        TCP/IP connections on port 5432?

My /etc/pf.conf is like:

# General macros.
ext_if="rl0"
int_if="lo1"
jails="10.0.0.0/24"
host_ip = "192.168.1.23"

# Nat for jails.
nat on $ext_if from $jails to any -> $ext_if

# Redirecting and accepting ports to jails.
rdr pass inet proto tcp from any to port $ports_users -> $jail_users
rdr pass inet proto tcp from any to port $ports_www -> $jail_www

# Filtering ports.
block log all

# Filtering in.
pass in on $ext_if proto tcp from any to port $ports

# Filtering out.
pass out all

So I tried something like:

pass out quick from $jails to host

but it times out too. With tcpdump I can see these messages:

00:00:12.202519 rule 0/0(match): block out on lo1: markand.malikania.fr.postgresql > 10.0.0.30.33431: tcp 20 [bad hdr length 0 - too short, < 20]

I don't understand what I'm doing wrong here. If anyone can solve this,
it would be great!

Kind regards.

-- 
Demelier David