From: krad
Date: Tue, 27 Feb 2018 11:30:54 +0000
Subject: Re: UDP connections from NAT'ed jails
To: Peter Ludikovsky
Cc: FreeBSD Questions, Kristof Provost

Just checking, but do you need/want to run the jails in natted mode? I ask as it's a lot simpler to set up jails with vimage and a bridged interface.

On 27 February 2018 at 09:07, Peter Ludikovsky wrote:
> No, nothing at all. But truss gave me the right idea: somehow a zero-width
> char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which
> won't work (yet).
>
> Thanks for your help!
>
> Regards
> /peter
>
> On 27 February 2018 05:23:39 CET, Kristof Provost <kristof@sigsegv.be> wrote:
> >On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
> >> With the adaptation on the VM:
> >>
> >> [peter@doctor ~]$ sudo service pf reload
> >> Reloading pf rules.
> >> [peter@doctor ~]$ cat /etc/pf.conf
> >> IP_PUB="10.0.2.15"
> >> IP_JAIL="192.168.5.2"
> >> NET_JAIL="192.168.5.0/24"
> >> scrub in all
> >> #set skip on lo
> >> nat pass on em0 from $NET_JAIL to any -> $IP_PUB
> >> pass out keep state
> >> [peter@doctor ~]$ sudo pfctl -sn
> >> nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
> >> [peter@doctor ~]$ host pkg.freebsd.org
> >> pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
> >> pkgmir.geo.freebsd.org has address 149.20.1.201
> >> pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
> >>
> >> No change in the jail.
> >>
> >> tcpdump on the host shows resolution happening for the jail-host, but
> >> nothing for the jail itself.
> >>
> >So you don’t see any UDP/DNS packets at all when the jail tries to
> >resolve a hostname?
> >That’s certainly odd.
> >
> >Does `truss host google.com` in the jail show anything interesting?
> >
> >Regards,
> >Kristof
> >_______________________________________________
> >freebsd-questions@freebsd.org mailing list
> >https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to
> >"freebsd-questions-unsubscribe@freebsd.org"
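
A check for the failure Peter reports in the quoted reply (an invisible character in resolv.conf leaving the resolver on 127.0.0.1), as an added example that is not part of the original thread. The sample file content, the nameserver address 192.168.5.1 and the function names are constructed for illustration, and the line-matching rule is a simplified model, not libc's actual parser.

```python
import ipaddress
import unicodedata

# Constructed sample: line 2 starts with U+200B (zero-width space), so it
# looks like a normal "nameserver" line in a terminal or editor.
SAMPLE = "search example.org\n\u200bnameserver 192.168.5.1\n".encode("utf-8")


def hidden_chars(raw: bytes):
    """Return (line, column, code point, name) for every character that is
    neither printable ASCII nor a space or tab."""
    findings = []
    text = raw.decode("utf-8", errors="replace")
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in " \t" or 0x21 <= ord(ch) <= 0x7E:
                continue
            name = unicodedata.name(ch, "UNNAMED")
            findings.append((line_no, col, f"U+{ord(ch):04X}", name))
    return findings


def usable_nameservers(raw: bytes):
    """Simplified model (assumption): a line counts only if it is pure ASCII,
    starts with the keyword 'nameserver' and carries a valid IP address."""
    servers = []
    for line in raw.splitlines():
        try:
            text = line.decode("ascii")
        except UnicodeDecodeError:
            continue  # non-ASCII bytes: keyword or address will not match
        fields = text.split()
        if text.startswith("nameserver") and len(fields) >= 2:
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                pass  # address field is not a valid IPv4/IPv6 literal
    return servers


def effective_nameservers(raw: bytes):
    """With no usable entry the resolver falls back to the local machine."""
    return usable_nameservers(raw) or ["127.0.0.1"]


if __name__ == "__main__":
    for finding in hidden_chars(SAMPLE):
        print("line %d col %d: %s %s" % finding)
    print("effective nameservers:", effective_nameservers(SAMPLE))
```

To check a live system, pass the bytes of the jail's /etc/resolv.conf (read in binary mode) to the same functions.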