Date: Tue, 17 Oct 2023 19:14:57 +0300
From: Odhiambo Washington <odhiambo@gmail.com>
To: Paul Procacci <pprocacci@gmail.com>
Cc: freebsd-virtualization@freebsd.org
Subject: Re: Running a webserver inside a bhyve host and exposing it to the world via PF
Message-ID: <CAAdA2WNWVfE1vRo_QqYcWx6UaKXov4h3rvt=n7vSWUhNHbMvTQ@mail.gmail.com>
In-Reply-To: <CAFbbPuiRLC0F93JMybdk2sFzJ2X_o5JqkQo3trd91LoZeusXqA@mail.gmail.com>
References: <CAAdA2WNzTb6Fvk=Z%2BtAx376mBRztgxY_M75aXBzDFN1bb9yOuQ@mail.gmail.com> <CAFbbPuiRLC0F93JMybdk2sFzJ2X_o5JqkQo3trd91LoZeusXqA@mail.gmail.com>

On Tue, Oct 17, 2023 at 6:03 PM Paul Procacci <pprocacci@gmail.com> wrote:

> On Tue, Oct 17, 2023 at 10:01 AM Odhiambo Washington <odhiambo@gmail.com>
> wrote:
>
>> I am stuck on how I can achieve this.
>> I have a Linux VM running under bhyve. I have installed a webserver
>> running on port 80 that I'd like to expose to the outside world.
>> I am unable to figure out how to achieve this with PF running on the host
>> machine.
>>
>> 1. I am able to access my VM using VNC Viewer
>> 2. My VM is able to access the Internet
>> 3. I am NOT able to ping my VM from the host
>> 4. I am unable to SSH into the VM from the host.
>>
>> My hunch tells me it's about my PF.conf, but is there a guide somewhere
>> on achieving the above?
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>> [How to ask smart questions:
>> http://www.catb.org/~esr/faqs/smart-questions.html]
>
> Care to share what you tried with your PF.conf?
>
> It should be something as simple as:
> rdr on <interface> proto tcp from <source host> to <physical host> port <physical port> -> <internal host> port <internal port>

What I have is:

rdr pass on $ext_if inet proto tcp from any to any port { 8081, 8999 } -> 172.16.0.3 port 80

I have stumbled upon something that I need to figure out first. Not sure if
I am making some obvious mistake.
I am running dnsmasq to dish out IPs and DNS to the VMs.
If I let a VM get an IP via DHCP, I am able to ping it from the host and
even access services on it.
However, if I assign an IP to the VM manually, I am not able to ping or
access a service on it from the host.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
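
An added example, not part of the original message or of either poster's configuration: a pf.conf fragment that expresses the redirect quoted above without `rdr pass`, so the forwarded traffic has to match an explicit filter rule. The interface names `em0` and `bridge0` are assumptions; the VM address and ports are the ones given in the message.

```conf
# pf.conf fragment (added example; interface names are assumptions)
ext_if    = "em0"              # assumed external interface of the bhyve host
vm_if     = "bridge0"          # assumed bridge carrying the VM tap interfaces
web_vm    = "172.16.0.3"       # VM address from the message
web_ports = "{ 8081, 8999 }"   # external ports from the message

# --- Translation rules (must come before the filter rules) ---
# "rdr pass" lets redirected packets skip the filter ruleset entirely, and
# "to any" matches every destination address arriving on $ext_if.
# Here the redirect is limited to the host's own external address, and the
# "pass" keyword is dropped so the filter rules below make the decision.
rdr on $ext_if inet proto tcp from any to ($ext_if) port $web_ports \
    -> $web_vm port 80

# --- Filter rules ---
# Assumes the ruleset already has a default "block" policy above these lines.
# The redirect is applied before filtering, so the inbound rule matches the
# translated destination (the VM on port 80), not the external port.
pass in  on $ext_if inet proto tcp from any to $web_vm port 80 \
    flags S/SA keep state

# The forwarded packet also leaves through the VM-side interface, which
# needs its own rule when outbound traffic is blocked by default.
pass out on $vm_if  inet proto tcp from any to $web_vm port 80 \
    flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the translation rules that are currently active.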
