Date: Tue, 17 Oct 2023 19:14:57 +0300
From: Odhiambo Washington <odhiambo@gmail.com>
To: Paul Procacci <pprocacci@gmail.com>
Cc: freebsd-virtualization@freebsd.org
Subject: Re: Running a webserver inside a bhyve host and exposing it to the world via PF
Message-ID: <CAAdA2WNWVfE1vRo_QqYcWx6UaKXov4h3rvt=n7vSWUhNHbMvTQ@mail.gmail.com>
In-Reply-To: <CAFbbPuiRLC0F93JMybdk2sFzJ2X_o5JqkQo3trd91LoZeusXqA@mail.gmail.com>
References: <CAAdA2WNzTb6Fvk=Z%2BtAx376mBRztgxY_M75aXBzDFN1bb9yOuQ@mail.gmail.com> <CAFbbPuiRLC0F93JMybdk2sFzJ2X_o5JqkQo3trd91LoZeusXqA@mail.gmail.com>

On Tue, Oct 17, 2023 at 6:03 PM Paul Procacci <pprocacci@gmail.com> wrote:

> On Tue, Oct 17, 2023 at 10:01 AM Odhiambo Washington <odhiambo@gmail.com>
> wrote:
>
>> I am stuck on how I can achieve this.
>> I have a Linux VM running under bhyve. I have installed a webserver
>> running on port 80 that I'd like to expose to the outside world.
>> I am unable to figure out how to achieve this with PF running on the host
>> machine.
>>
>> 1. I am able to access my VM using VNC Viewer
>> 2. My VM is able to access the Internet
>> 3. I am NOT able to ping my VM from the host
>> 4. I am unable to SSH into the VM from the host.
>>
>> My hunch tells me it's about my PF.conf, but is there a guide somewhere
>> on achieving the above?
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>> [How to ask smart questions:
>> http://www.catb.org/~esr/faqs/smart-questions.html]
>
> Care to share what you tried with your PF.conf?
>
> It should be something as simple as:
> rdr on <interface> proto tcp from <source host> to <physical host> port
> <physical port> -> <internal host> port <internal port>

What I have is:

rdr pass on $ext_if inet proto tcp from any to any port { 8081, 8999 } -> 172.16.0.3 port 80

I have stumbled upon something that I need to figure out first. Not sure if
I am making some obvious mistake.
I am running dnsmasq to dish out IPs and DNS to the VMs.
If I let a VM get an IP via DHCP, I am able to ping it from the host and
even access services on it.
However, if I assign an IP to the VM manually, I am not able to ping or
access a service on it from the host.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
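
Added example, not from the thread or either poster: a pf.conf fragment that keeps the redirect from the message above but drops the `pass` modifier, which per pf.conf(5) lets matching packets skip the filter rules, and matches only the host's own external address instead of `to any`. The interface name and the 172.16.0.0/24 subnet are assumptions; 172.16.0.3 and the ports come from the message.

```pf
# Added example; values marked "assumed" do not appear in the thread.
ext_if = "em0"              # assumed external NIC name
vm_net = "172.16.0.0/24"    # assumed; the thread only shows 172.16.0.3
web_vm = "172.16.0.3"       # from the thread
web_in = "{ 8081, 8999 }"   # external ports from the thread

set skip on lo0

# --- translation ---------------------------------------------------------
# Outbound NAT so the VMs can reach the Internet through the host.
nat on $ext_if inet from $vm_net to any -> ($ext_if)

# Redirect only traffic addressed to the host's own external address.
# "to any" would also match forwarded traffic to other destinations on
# these ports. No "pass" here, so the filter rules below still apply.
rdr on $ext_if inet proto tcp from any to ($ext_if) port $web_in \
    -> $web_vm port 80

# --- filtering -----------------------------------------------------------
# Default-deny inbound on the external interface, with logging to pflog.
block in log on $ext_if

# Host and NATed VM traffic leaving the external interface.
pass out on $ext_if inet

# rdr is applied before filtering, so this rule sees the translated
# destination (the VM address and port 80), not 8081/8999.
pass in on $ext_if inet proto tcp from any to $web_vm port 80
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sn` lists the translation rules that are currently active.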