Date:      Thu, 14 Mar 2019 10:10:49 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-arm@FreeBSD.org
Subject:   [Bug 236523] No FQDN ping from a Jail with NAT and ipfw
Message-ID:  <bug-236523-7@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236523

            Bug ID: 236523
           Summary: No FQDN ping from a Jail with NAT and ipfw
           Product: Base System
           Version: 12.0-RELEASE
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: arm
          Assignee: freebsd-arm@FreeBSD.org
          Reporter: joneum@FreeBSD.org

Is there a Bug / Problem with NAT and ipfw on arm64?

This config works on amd64 with FreeBSD 12.0.

It does not work on a RaspberryPi 3 with FreeBSD 12.0 and CURRENT / arm64

Config:
/etc/rc.conf

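# Host /etc/rc.conf as posted in the report. The quoted-printable "=3D"
# residue left by the mail archive is decoded to "="; every value is the
# reporter's own, so the failing setup is preserved.
hostname="rpi3project.local"
keymap=de
# NOTE(review): ue0 is 192.168.2.90 here, while the /etc/ipfw.conf quoted in
# the same report sets ipaddr="192.168.2.30/24" - confirm which address the
# NAT rule is meant to match.
ifconfig_ue0="inet 192.168.2.90 netmask 255.255.255.0"
defaultrouter="192.168.2.1"
sshd_enable="YES"
ntpdate_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"

jail_enable="YES"

sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

#IPFW
firewall_enable="YES"
#firewall_type="open"
firewall_nat_enable="YES"
# The ruleset is a shell script executed as root at boot, so /etc/ipfw.conf
# should be owned by root and not writable by anyone else.
firewall_script="/etc/ipfw.conf"

#NAT
# lo1 carries the jail network; 10.0.0.1 is also the jail's ip4.addr in the
# posted /etc/jail.conf.
cloned_interfaces="lo1"
ifconfig_lo1_alias0="inet 10.0.0.1 netmask 255.255.255.0"
# Turns on IP forwarding so the host routes between lo1 and ue0.
gateway_enable="YES"

growfs_enable="YES"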

######################

/etc/jail.conf:

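# /etc/jail.conf as posted in the report. The quoted-printable "=3D" residue
# left by the mail archive is decoded to "="; all parameters are the
# reporter's own.

# Global parameters, applied to every jail defined below.
exec.start="/bin/sh /etc/rc";

exec.stop="/bin/sh /etc/rc.shutdown";

exec.clean;

mount.devfs;

interface="lo1";

jail1icinga {
  host.hostname = "jail1icinga.local";
  path = /usr/jails/jail1icinga;
  # Same address as the host's lo1 alias in the posted rc.conf.
  ip4.addr = "10.0.0.1";
  # Needed for ping inside the jail. It also lets root in the jail open raw
  # sockets in general, so the jail can emit hand-built packets from its
  # address; drop it once ICMP testing is finished.
  allow.raw_sockets=1;
  # Lets root in the jail change system file flags; grant only if a service
  # in the jail requires it.
  allow.chflags;
  # NOTE(review): per jail(8) the allow.mount.* permissions take effect only
  # together with allow.mount and enforce_statfs below 2; neither is set
  # here, so these two lines appear to have no effect as posted - verify.
  allow.mount.procfs;
  allow.mount.devfs;
}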

#########################

/etc/ipfw.conf:

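# /etc/ipfw.conf as posted in the report, run through firewall_script.
# The quoted-printable "=3D" residue left by the mail archive is decoded to
# "="; rule numbers, order and addresses are exactly the reporter's, so the
# failing setup is preserved.

# $cmd is expanded unquoted on purpose: it has to split into the program
# name and its -q option.
cmd="/sbin/ipfw -q"

lan_if="ue0"
# NOTE(review): the posted rc.conf gives ue0 the address 192.168.2.90, not
# .30. With the /24 mask this pattern matches all of 192.168.2.0/24 rather
# than one host - confirm that is intended.
ipaddr="192.168.2.30/24"

# NOTE(review): lo1 is configured with netmask 255.255.255.0 in the posted
# rc.conf, while this is a /28; the jail address 10.0.0.1 lies inside both.
vm_net="10.0.0.0/28"

# Start from an empty ruleset, including dummynet queues and pipes.
$cmd flush
$cmd queue flush
$cmd pipe flush

# Rule 10: check packets against existing dynamic (keep-state) rules first.
$cmd add 10 check-state

# Rule 20: host -> jail network. "setup" matches only TCP connection-opening
# packets, so this rule creates state for TCP alone even though it says "all".
$cmd add 20 allow all from me to $vm_net setup keep-state

# NAT
# In-kernel NAT instance 1, aliasing to the address of $lan_if.
$cmd nat 1 config if $lan_if

# Rule 50 sends traffic leaving the jail network through NAT; rule 60 sends
# everything addressed to $ipaddr through NAT as well.
$cmd add 50 nat 1 all from $vm_net to not $vm_net
$cmd add 60 nat 1 all from any to $ipaddr

# NOTE(review): rule 70 accepts everything else in both directions, so this
# ruleset provides NAT but no filtering. Services on the host (sshd is
# enabled in the posted rc.conf) stay reachable from any network that can
# route to it. Once the NAT problem is diagnosed, replace this with explicit
# allow rules followed by a final deny.
$cmd add 70 allow all from any to any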

#####################

/etc/resolv.conf  (main host + jail)

nameserver 192.168.2.1


#####################

# jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.1        jail1icinga.local             /usr/jails/jail1icinga

# jexec 1 csh

root@jail1icinga:/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=124 time=16.328 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=124 time=16.232 ms

root@jail1icinga:/ # ping www.google.de
ping: cannot resolve www.google.de: Host name lookup failure

#######################

On a FreeBSD 12.0 / amd64 with the same config (copy) into the jail:
ot # jexec 1 csh
root@jail1icinga:/ # ping www.google.de
PING www.google.de (172.217.16.131): 56 data bytes
64 bytes from 172.217.16.131: icmp_seq=0 ttl=57 time=17.520 ms
64 bytes from 172.217.16.131: icmp_seq=1 ttl=57 time=17.293 ms
^C



