Date: Wed, 18 Oct 2023 12:35:33 +0300
From: Odhiambo Washington <odhiambo@gmail.com>
To: freebsd-virtualization@freebsd.org
Cc: Paul Procacci <pprocacci@gmail.com>
Subject: Re: Running a webserver inside a bhyve host and exposing it to the world via PF
Message-ID: <CAAdA2WNCqxpnHPxmdpvc7ECvUvZbp1YaDsNTTgYPxhaM_2nHRw@mail.gmail.com>
In-Reply-To: <CAFbbPuiRLC0F93JMybdk2sFzJ2X_o5JqkQo3trd91LoZeusXqA@mail.gmail.com>
References: <CAAdA2WNzTb6Fvk=Z+tAx376mBRztgxY_M75aXBzDFN1bb9yOuQ@mail.gmail.com> <CAFbbPuiRLC0F93JMybdk2sFzJ2X_o5JqkQo3trd91LoZeusXqA@mail.gmail.com>
On Tue, Oct 17, 2023 at 6:03 PM Paul Procacci <pprocacci@gmail.com> wrote:
>
>
> On Tue, Oct 17, 2023 at 10:01 AM Odhiambo Washington <odhiambo@gmail.com> wrote:
>
>> I am stuck on how I can achieve this.
>> I have a Linux VM running under bhyve. I have installed a webserver
>> running on port 80 that I'd like to expose to the outside world.
>> I am unable to figure out how to achieve this with PF running on the host
>> machine.
>>
>> 1. I am able to access my VM using VNC Viewer
>> 2. My VM is able to access the Internet
>> 3. I am NOT able to ping my VM from the host
>> 4. I am unable to SSH into the VM from the host.
>>
>> My hunch tells me it's about my PF.conf, but is there a guide somewhere
>> on achieving the above?
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>> [How to ask smart questions:
>> http://www.catb.org/~esr/faqs/smart-questions.html]
>>
>
> Care to share what you tried with your PF.conf?
>
> It should be something as simple as:
> rdr on <interface> proto tcp from <source host> to <physical host> port
> <physical port> -> <internal host> port <internal port>
>

Two rules that aren't working:

# VM HTTP
rdr pass on $ext_if inet proto tcp from any to any port { 8081, 8999 } \
        -> 172.16.0.99 port 80
# VM SSH
rdr pass on $ext_if inet proto tcp from any to port { 2222 } \
        -> 172.16.0.99 port 22

I am able to PING the VM from the HOST.

From the host, I am able to SSH to the VM. I am also able to do `telnet VM_IP 80` successfully.

From the WAN (Internet) when I do `ssh HOST:2222`, I expect to land in the VM, but that does not happen.
So far I have:

# bhyve
bhyve_net="172.16.0.0/24"

And this NAT rule:
nat on $ext_if from $bhyve_net to any -> ($ext_if)

Do I need another PF rule to deal with the above issue?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
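The message above asks whether a NAT rule plus two rdr rules is enough to expose a bhyve guest. The following /etc/pf.conf is an added, self-contained example for that layout; it is not the poster's configuration nor anything from the FreeBSD project, and it only reuses the two facts the thread gives (guest network 172.16.0.0/24, guest 172.16.0.99). The interface names em0 (external) and bridge0/tap0 (the bhyve bridge and the guest's tap member), and the decision to leave host SSH on port 22 reachable, are assumptions made for the example.

```pf
# Added example pf.conf for exposing a bhyve guest behind PF NAT.
# Assumptions (not from the thread): em0 is the WAN interface, bridge0 is
# the bhyve bridge with the host's address on it, tap0 is the guest's tap.
ext_if    = "em0"
bhyve_if  = "bridge0"
bhyve_net = "172.16.0.0/24"
web_vm    = "172.16.0.99"

# Do not filter on loopback or on the guest side of the host. With a
# default "block all" below, the redirected packet would otherwise be
# dropped a second time when it leaves the host towards the guest.
set skip on { lo0 $bhyve_if tap0 }

# Reassemble fragments before translation and filtering.
scrub in all

# Outbound NAT for the guests (the rule the thread already has).
nat on $ext_if inet from $bhyve_net to any -> ($ext_if)

# Inbound redirection. "($ext_if)" matches only the interface's own
# address, so the rule cannot be hit by transit traffic that merely
# arrives on em0 for some other destination. "rdr pass" creates the
# matching pass rule, so no separate "pass in" line is needed here.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port { 8081, 8999 } \
    -> $web_vm port 80
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 2222 \
    -> $web_vm port 22

# Default deny, then explicit allows. Outbound from the host and the
# NATed guests is stateful; inbound is only host SSH (assumed wanted).
block log all
pass out quick on $ext_if keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 keep state
```

Check it with `pfctl -nf /etc/pf.conf` (parse only), load it with `pfctl -f /etc/pf.conf`, and confirm with `pfctl -sn` that both the nat and the rdr rules are installed. While an external `ssh -p 2222 <host>` is in progress, `pfctl -ss` should show a state whose translated side is 172.16.0.99:22. If the rdr is listed but no such state appears, the usual causes are that the host is not forwarding (`sysctl net.inet.ip.forwarding` must report 1; gateway_enable="YES" in /etc/rc.conf makes that persistent) or that a block rule catches the packet on its way out to the guest; `tcpdump -ni em0 tcp port 2222` against `tcpdump -ni bridge0 tcp port 22` shows on which side the packet stops. The guest's default route must also point at the host's bridge address, otherwise replies leave by another path and never get un-translated. Finally, these rdr rules accept connections from anywhere; for the SSH redirect in particular, replace `from any` with a table of known source addresses unless the guest is meant to be publicly reachable on 22.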
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WNCqxpnHPxmdpvc7ECvUvZbp1YaDsNTTgYPxhaM_2nHRw>