From owner-freebsd-arm@freebsd.org Thu Mar 14 10:10:50 2019
From: bugzilla-noreply@freebsd.org
To: freebsd-arm@FreeBSD.org
Subject: [Bug 236523] No FQDN ping from a Jail with NAT and ipfw
Date: Thu, 14 Mar 2019 10:10:49 +0000
List-Id: "Porting FreeBSD to ARM processors."

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236523

            Bug ID: 236523
           Summary: No FQDN ping from a Jail with NAT and ipfw
           Product: Base System
           Version: 12.0-RELEASE
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: arm
          Assignee: freebsd-arm@FreeBSD.org
          Reporter: joneum@FreeBSD.org

Is there a Bug / Problem with NAT and ipfw on arm64?
This config works with amd64 on FreeBSD 12.0.
It does not work on a Raspberry Pi 3 with FreeBSD 12.0 and CURRENT / arm64.

Config:

/etc/rc.conf

hostname="rpi3project.local"
keymap=de
ifconfig_ue0="inet 192.168.2.90 netmask 255.255.255.0"
defaultrouter="192.168.2.1"
sshd_enable="YES"
ntpdate_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
jail_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
#IPFW
firewall_enable="YES"
#firewall_type="open"
firewall_nat_enable="YES"
firewall_script="/etc/ipfw.conf"
#NAT
cloned_interfaces="lo1"
ifconfig_lo1_alias0="inet 10.0.0.1 netmask 255.255.255.0"
gateway_enable="YES"
growfs_enable="YES"

######################

/etc/jail.conf:

exec.start="/bin/sh /etc/rc";
exec.stop="/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
interface="lo1";

jail1icinga {
    host.hostname = "jail1icinga.local";
    path = /usr/jails/jail1icinga;
    ip4.addr = "10.0.0.1";
    allow.raw_sockets=1;
    allow.chflags;
    allow.mount.procfs;
    allow.mount.devfs;
}

#########################

/etc/ipfw.conf:

cmd="/sbin/ipfw -q"
lan_if="ue0"
ipaddr="192.168.2.30/24"
vm_net="10.0.0.0/28"

$cmd flush
$cmd queue flush
$cmd pipe flush

$cmd add 10 check-state
$cmd add 20 allow all from me to $vm_net setup keep-state

# NAT
$cmd nat 1 config if $lan_if
$cmd add 50 nat 1 all from $vm_net to not $vm_net
$cmd add 60 nat 1 all from any to $ipaddr
$cmd add 70 allow all from any to any

#####################

/etc/resolv.conf (mainhost + jail)

nameserver 192.168.2.1

#####################

# jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.1        jail1icinga.local             /usr/jails/jail1icinga

# jexec 1 csh
root@jail1icinga:/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=124 time=16.328 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=124 time=16.232 ms

root@jail1icinga:/ # ping www.google.de
ping: cannot resolve www.google.de: Host name lookup failure

#######################

On a FreeBSD 12.0 / amd64 with the same config (copy) into the jail:

ot # jexec 1 csh
root@jail1icinga:/ # ping www.google.de
PING www.google.de (172.217.16.131): 56 data bytes
64 bytes from 172.217.16.131: icmp_seq=0 ttl=57 time=17.520 ms
64 bytes from 172.217.16.131: icmp_seq=1 ttl=57 time=17.293 ms
^C