From: Hari Bhaskaran
To: freebsd-questions@freebsd.org
Date: Mon, 24 Nov 2003 20:44:53 -0600
Subject: Problem with 4.8 + jail + natd
Message-ID: <20031125024453.GA58276@poecilotheria.netmails.net>

Hi,

I have a jail setup on 4.8-p13 with host natd-ing as usual for the
jailed virtual m/cs. For no apparent reason, NATD from internal jailed
environment to outside stopped suddenly. The port forwarding from host
to jail env-s were still working fine. Although a reboot fixed the
problem, I am still trying to figure out if this was a problem with my
setup or not. The machine was running fine for a while, although I
wouldn't know for sure when it started failing (I haven't done any
outgoing ftp/ssh/fetch anything from the jailed env-s for a while).

Here is my natd config.

rdr rl0 192.168.2.3/32 port 40961 -> 172.16.1.1 port 40961
rdr rl0 192.168.2.3/32 port 40962 -> 172.16.1.2 port 40962
rdr rl0 192.168.2.3/32 port 63788 -> 172.16.1.2 port 63788
rdr rl0 192.168.2.3/32 port 40963 -> 172.16.1.3 port 40963
rdr rl0 192.168.2.3/32 port 40964 -> 172.16.1.3 port 40964
rdr rl0 192.168.2.3/32 port 5901 -> 172.16.1.3 port 5901
map rl0 172.16.1.0/24 -> 0/32

ipf firewall is enabled - however, it is an empty set.

pass in quick on lo0 all
pass in quick on rl0 all
pass out quick on lo0 all
pass out quick on rl0 all

Where do I start looking to identify this issue? The only thing that I
could find in my /var/log related to network was occasional messages
from dhclient

Nov 21 09:31:48 mach00 dhclient: New Network Number: 192.168.2.0
Nov 21 09:31:48 mach00 dhclient: New Broadcast Address: 192.168.2.255
Nov 22 13:31:15 mach00 dhclient: New Network Number: 192.168.2.0
Nov 22 13:31:15 mach00 dhclient: New Broadcast Address: 192.168.2.255
Nov 23 17:33:44 mach00 dhclient: New Network Number: 192.168.2.0
Nov 23 17:33:44 mach00 dhclient: New Broadcast Address: 192.168.2.255

Although I am running DHCP for a main host's IP, it never changes (and
has never changed).

Any help is appreciated.

--
Hari Bhaskaran