From owner-freebsd-jail@FreeBSD.ORG  Mon Jul  7 15:19:02 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1C3D24EC
 for <freebsd-jail@freebsd.org>; Mon,  7 Jul 2014 15:19:02 +0000 (UTC)
Received: from mail.tyknet.dk (mail.tyknet.dk
 [IPv6:2a01:4f8:201:2327:144:76:253:226])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CCACB2065
 for <freebsd-jail@freebsd.org>; Mon,  7 Jul 2014 15:19:01 +0000 (UTC)
Received: from [10.10.2.24] (217.71.4.82.static.router4.bolignet.dk
 [217.71.4.82])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.tyknet.dk (Postfix) with ESMTPSA id 36BF123374B;
 Mon,  7 Jul 2014 15:18:58 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.8.3 mail.tyknet.dk 36BF123374B
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gibfest.dk; s=default;
 t=1404746338; bh=BsH4afv8OE3sK3rJUlepHG8C9uBJ2q8LFSzCj8Wwt84=;
 h=Date:From:To:CC:Subject:References:In-Reply-To;
 b=sr7G7gkAe195STo/kE/4yuOqTPvrwgUnar2pp/XvRGeSbABwBI0a/LQ+N8siQM2Zc
 T91efgOP8ruy56fiLUYeryt0UAMEreAxtNYlZEntNQQtwGBh8oSKz2nGrt98U9fcBi
 kj5JO4VSPBSw1AMicWEgJKc42RjRw0Jmt5XYBDj0zwwLHQJW0k5E+kxLu6x/7bW+og
 ayGDgIN4OeBBeO2hr84sypOANvxfllul3MZM/s/nZTSDqPIpCKNOa3zM7uV05u7RI/
 i3ksyttTqxS/x9e7o7av0sWNjN0WF4SLmjgYLMXYu32gg3Nf1b88xFQI+uzBzt6BLQ
 P3pVnZ/l73x7w==
Message-ID: <53BABA64.20004@gibfest.dk>
Date: Mon, 07 Jul 2014 17:19:00 +0200
From: Thomas Steen Rasmussen <thomas@gibfest.dk>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: m.bryn1u@gmail.com
Subject: Re: PF+Jail+IRC Cannot redirect oidentd from jail without "~"
References: <CAHsHv-bugF76Y1QiL-ydB3STKJn0NM+y0ZCVuZH4KSxVBSDyPQ@mail.gmail.com>
In-Reply-To: <CAHsHv-bugF76Y1QiL-ydB3STKJn0NM+y0ZCVuZH4KSxVBSDyPQ@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@freebsd.org
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jul 2014 15:19:02 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 06-07-2014 11:53, bryn1u85 . wrote:
> Hey,
> 
> I have a problem, have been sitting since a few days and can't
> resolve the problem.
> 
> I want to redirect oidentd port 113 from jail, becuse i use to
> irssi and want to connect with irc servers without "~" before ident
> example ~ident@host .
> 
> I don't know what else can i do. Nothing helps.
> 
> My etc/pf.conf
> 
> ... nat on em0 from $ip_oksymoron to any -> $ip_pub rdr on em0 inet
> proto tcp from any to $ip_pub port 113 -> $ip_oksymoron port 113 
> ... black in all pass in on $ext_if proto tcp from any to
> $ip_oksymoron port 113 ...
> 
> I checked from host without pf, works well. Checked from host with
> pf and works well but from jail it still doesn't work. Someone can
> help with this issue ?

Hello,

Try adding the "static-port" keyword to your nat rule.

Your TCP connections to IRC are coming from another port than you
think, static-port fixes that.

Best regards,

Thomas Steen Rasmussen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTurpkAAoJEHcv938JcvpYHRAP/RFoFafeg3tkDnyZZIeBcodW
HH9F+BYebU+iut0A3KM0jcN5jw/UHh9R2DDQX5lDT7Zkou39nxyLehFPZJ2ukCpG
jgn6cyi0/6pnjjF09thasBQSJvABy4Z/9T92s9g1WAHXvpcShRs3KaSq/AXbGdwx
9hOfhmg6Gxt8MzrANtRXpgdRSC2RU1lwKHWH2Qpskzu5d0sBVe2/Yv0BTZaSU/YU
qUBaVWGeEy3ajlKFcGsi9bs6gVmCJPdu96SMkvJsdWxJRGBUvCkpt07SCkFXoOlS
JkGUlMoorD6UvBQmYQizuFUfTd3gYMpu6/rH81dAARBohNQI741fUMz3NxTnEau5
yDyOZ2kEptYvYo1jK/a290aCFkkiblbmrt/r+oOgGQJPoQow13B2+b+qTnVvtOAj
HHPsQL8tSVmgoYbIDdpORd25a/mQ8SMC3GJ1S0Y2wia4qkhhmzISPiR81BRersQy
iD6pkJc22h39hvvJyxsUqrDe+lFbN6Sc3HiTvRPE3qu5f1tNafB9IAfDCDtcJOwx
4/tMbsBbpuLe6QKwuzOxP780M8n7degdIr9ItUInSrYV+fztQuUf1fvrkzZGcAQG
+zZxu/nqfhIwvTyuiHgaCzohaka5mBYMyHVq5I8P4+7bpahdkHsYJOWedYfXU+02
1gm0UV0r0vyDfCxv7lIy
=j9gn
-----END PGP SIGNATURE-----