Date:      Fri, 23 Jul 2021 20:04:41 +0200
From:      Jacques Foucry <jacques+freebsd@foucry.net>
To:        Michael Gmelin <freebsd@grem.de>
Cc:        Jacques Foucry <jacques+freebsd@foucry.net>, freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Subject:   Re: iocage, vnet jail does not go outside
Message-ID:  <YPsEuaj5R6iKKHVd@mithril.foucry.net>
In-Reply-To: <20210723195142.77b668f1@bsd64.grem.de>
References:  <YPrwCW44LdKfHxIk@mithril.foucry.net> <20210723195142.77b668f1@bsd64.grem.de>

On Friday 23 Jul 2021 at 19:51:42 (+0200), Michael Gmelin wrote:

Hello Michael,

> You need to enable some sort of NAT at your end, e.g. using pf. Traffic
> is leaving your host on a private IP.


I forgot to post the part of my pf.conf, you're right. I enabled a NAT (maybe in
a wrong way):

ext_if = em0
int_if = "{lo0 lo1}"
bridge_if = bridge0

icmp_types="{ echoreq, unreach }"

# ok loopback
set skip on lo0
set skip on lo1
#set skip on bridge0

# define jails
jails_net = "{192.168.12.0/24 10.0.10.0/24 2a01:4f9:4a:1fd8::/64}"

…

# nat
nat on $ext_if from $jails_net to any -> $ext_if

…

# ExampleJail
rdr on $ext_if inet proto tcp from any to $ext_if port $examplejail_ports -> $examplejail_v4
rdr on $ext_if inet6 proto tcp from any to $ext_if port $examplejail_ports -> $examplejail_v6

…

pass in log quick on $ext_if proto tcp from any to $examplejail_v4 port $examplejail_ports flags S/SA keep state
pass in log quick on $ext_if proto tcp from any to $examplejail_v6 port $examplejail_ports

…

# Allow icmp
pass in inet proto icmp all icmp-type $icmp_types
#IPv6 - pass in/out all IPv6 ICMP traffic
pass in quick proto icmp6 Allow



Is there something wrong or missing? I was guessing that the NAT is correct
because I can connect from outside (IPv4 and IPv6) to this jail.


Thanks again for your time.
-- 
Jacques Foucry
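
Added example, not part of the original message or of any project tooling: a small Python check of whether a jail's source address is matched by a `nat on` rule once the pf macros are expanded, using the macro and nat lines quoted above. The function names and the sample addresses are assumptions, and the parser only handles the simple `nat on IF from SRC to ...` form.

```python
import ipaddress
import re

# Constructed sample: the macro and nat lines from the pf.conf quoted above.
SAMPLE_PF_CONF = """
ext_if = em0
jails_net = "{192.168.12.0/24 10.0.10.0/24 2a01:4f9:4a:1fd8::/64}"
nat on $ext_if from $jails_net to any -> $ext_if
"""

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*)"?')
NAT_RE = re.compile(r'^\s*nat\s+on\s+(\S+)\s+from\s+(.+?)\s+to\s')

def parse_macros(text):
    """Collect name = value macro definitions (quoted or bare)."""
    found = (MACRO_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in found if m}

def expand(line, macros, depth=8):
    """Substitute $name references; depth bounds nested or cyclic macros."""
    for _ in range(depth):
        new = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), line)
        if new == line:
            break
        line = new
    return line

def nat_rules(text):
    """Yield (interface, [source networks]) for each simple nat rule."""
    macros = parse_macros(text)
    for line in text.splitlines():
        m = NAT_RE.match(expand(line, macros))
        if not m:
            continue
        nets = []
        for tok in re.split(r'[\s,{}]+', m.group(2)):
            try:
                nets.append(ipaddress.ip_network(tok, strict=False))
            except ValueError:
                pass  # 'any', tables, interface names: not checked here
        yield m.group(1), nets

def nat_interface_for(addr, text=SAMPLE_PF_CONF):
    """Return the interface whose nat rule covers addr, or None."""
    ip = ipaddress.ip_address(addr)
    for iface, nets in nat_rules(text):
        if any(ip.version == n.version and ip in n for n in nets):
            return iface
    return None
```

A match only shows that the rule in the file covers the address; the translation rules pf has actually loaded are listed by `pfctl -s nat`.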


