Date:      Mon, 26 Feb 2018 15:35:08 +0100
From:      Peter Ludikovsky <peter@ludikovsky.name>
To:        freebsd-questions@freebsd.org
Subject:   Re: UDP connections from NAT'ed jails
Message-ID:  <6ADC216F-CD1E-4AFA-8E57-01E928BC2776@ludikovsky.name>
In-Reply-To: <CB81FE3C-CA97-43DF-85D0-8C271C96DB9C@sigsegv.be>
References:  <8B3177FE-1FE5-4455-8F3C-CB5CE664B8C1@ludikovsky.name> <CB81FE3C-CA97-43DF-85D0-8C271C96DB9C@sigsegv.be>

Hi,

With the adaptation on the VM:

    [peter@doctor ~]$ sudo service pf reload
    Reloading pf rules.
    [peter@doctor ~]$ cat /etc/pf.conf
    IP_PUB="10.0.2.15"
    IP_JAIL="192.168.5.2"
    NET_JAIL="192.168.5.0/24"
    scrub in all
    #set skip on lo
    nat pass on em0 from $NET_JAIL to any -> $IP_PUB
    pass out keep state
    [peter@doctor ~]$ sudo pfctl -sn
    nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
    [peter@doctor ~]$ host pkg.freebsd.org
    pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
    pkgmir.geo.freebsd.org has address 149.20.1.201
    pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1

No change in the jail.

tcpdump on the host shows resolution happening for the jail-host, but
nothing for the jail itself.

Regards,
/peter


On 26 February 2018 13:58:23 CET, Kristof Provost <kristof@sigsegv.be> wrote:
>On 26 Feb 2018, at 18:11, Peter Ludikovsky wrote:
>> I'm experimenting with jails in preparation for moving my home server
>> from Linux to FreeBSD. I'm doing this from within a VirtualBox VM, since
>> it's easier to revert to a previous state in case I break something.
>>
>> My biggest issue ATM is that my first jail can't resolve any host. TCP
>> and ICMP packets pass without issue, but DNS requests time out. I
>> checked with tcpdump on both the outside interface of the VM and of the
>> host, neither show any DNS requests. Both hosts use 9.9.9.10 as the DNS
>> server in /etc/resolv.conf.
>>
>…
>> Anyone got a pointer on what's going wrong here?
>>
>Hmm. That’s interesting. Can you tcpdump on the host to see what’s
>going on with your DNS packets?
>
>Also, I’d try to remove the ‘set skip on lo’ pf rule.
>
>Regards,
>Kristof
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe@freebsd.org"


