From: Erik Norgaard
Date: Fri, 16 Jul 2010 00:55:11 +0200
To: freebsd-questions@freebsd.org
Subject: Re: ipnat.conf - map and rdr won't work!

On 15/07/10 21.17, alexus wrote:
> On Wed, Jul 14, 2010 at 10:32 PM, alexus wrote:
>> I can't put my mind around it, before reboot I was able to ssh in from
>> outside to my jail and right now I can't!

What did you change?

>> su-3.2# cat /etc/ipnat.rules
>> map fxp0 lama -> 0/32
>> rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp

What's that first rule supposed to do?

>> su-3.2# grep lama /etc/hosts
>> 172.16.172.16 lama
>> su-3.2# ifconfig
>> vr0: flags=8943 metric
>> 0 mtu 1500
>>        options=2808
>>        ether 00:19:5b:68:9b:01
>>        inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>>        media: Ethernet autoselect (none)
>>        status: no carrier
>> fxp0: flags=8843 metric 0 mtu 1500
>>        options=2009
>>        ether 00:0f:fe:aa:f4:61
>>        inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
>>        media: Ethernet autoselect (100baseTX)
>>        status: active

Where is this? This "su-3.2" is a bit confusing, would be useful to set
your hostname to "jail" within the jail... I think it is typical for
jails to clone the loopback interface for this setup.

>> su-3.2# jls
>>    JID  IP Address      Hostname      Path
>>      1  172.16.172.16   lama          /usr/jail/lama
>>
>> and this is me from outside trying to ssh to my box and getting time out...
>>
>> mp:~ alexus$ ssh -v jothost.com
>> OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>> debug1: Reading configuration data /etc/ssh_config
>> debug1: Connecting to jothost.com [64.52.58.58] port 22.
>> debug1: connect to address 64.52.58.58 port 22: Operation timed out
>> ssh: connect to host jothost.com port 22: Operation timed out

Use tcpdump, you should see if your rdr/map rules work as expected.
Also, pfctl -ss and similar. Can you ssh from the host system to the jail?

> anyone?

If nobody replies, maybe try to rephrase your question, investigate
further and provide additional information rather than just repost.

BR, Erik