Date: Fri, 18 Jun 2010 12:19:58 +0200
From: David DEMELIER <demelier.david@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Problem filtering port between host and jail.
Message-ID: <AANLkTimY50ANvSNbR9Xbty-RD1Hal8YUN9PCNL9j_xvQ@mail.gmail.com>
In-Reply-To: <AANLkTimWP41RhxR24Y-Vupq-gqDvZApe-ryIGS6BnXi3@mail.gmail.com>
References: <AANLkTimWP41RhxR24Y-Vupq-gqDvZApe-ryIGS6BnXi3@mail.gmail.com>
2010/6/17 David DEMELIER <demelier.david@gmail.com>:
> Hi,
>
> Because I don't want to enable jail_sysvipc, I installed PostgreSQL on
> my host and it works fine. The problem is accessing a database within
> a jail.
> The jails are NAT'ed and they can connect to the Internet. However,
> trying psql -h 192.168.1.23 -U markand markanddb times out and says:
>
> psql: could not connect to server: Operation timed out
>         Is the server running on host "192.168.1.23" and accepting
>         TCP/IP connections on port 5432?
>
> My /etc/pf.conf is like:
>
> # General macros.
> ext_if="rl0"
> int_if="lo1"
> jails="10.0.0.0/24"
> host_ip = "192.168.1.23"
>
> # Nat for jails.
> nat on $ext_if from $jails to any -> $ext_if
>
> # Redirecting and accepting ports to jails.
> rdr pass inet proto tcp from any to port $ports_users -> $jail_users
> rdr pass inet proto tcp from any to port $ports_www -> $jail_www
>
> # Filtering ports.
> block log all
>
> # Filtering in.
> pass in on $ext_if proto tcp from any to port $ports
>
> # Filtering out.
> pass out all
>
> So I tried something like:
>
> pass out quick from $jails to host
>
> but it times out too. With tcpdump I can see these messages:
>
> 00:00:12.202519 rule 0/0(match): block out on lo1:
> markand.malikania.fr.postgresql > 10.0.0.30.33431:  tcp 20 [bad hdr
> length 0 - too short, < 20]
>
> I don't understand what I'm doing wrong here; if anyone can solve
> this, it would be great!
>
> Kind regards.
>
> --
> Demelier David
>

Please ignore; I switched the jails to use the physical interface and now it works.

--
Demelier David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTimY50ANvSNbR9Xbty-RD1Hal8YUN9PCNL9j_xvQ>
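The pflog line quoted in the thread ("rule 0/0(match): block out on lo1: ...") is the evidence that settles where a jail-to-host connection is being dropped: which rule matched, which interface and direction, and which endpoints. The following is an added example, not code from the thread or from FreeBSD, that parses such lines as printed by `tcpdump -e -ttt -i pflog0` and summarises blocked traffic per interface and per port. The first sample line is the one from the message above; the other sample lines and the small service-name table (standing in for /etc/services, since tcpdump was run without -n) are constructed for the example.

```python
"""Parse pflog lines as printed by `tcpdump -e -ttt -i pflog0` and summarise
what pf blocked, per interface/direction and per port."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# Assumption: a tiny stand-in for /etc/services so the example runs offline.
# Real output from `tcpdump -n` prints numeric ports and never needs this.
SERVICES: Dict[str, int] = {"postgresql": 5432, "ssh": 22, "telnet": 23, "http": 80}


class PfLogEntry(NamedTuple):
    timestamp: str
    rule: int
    reason: str        # "match", "short", "normalize", ...
    action: str        # "block" or "pass"
    direction: str     # "in" or "out"
    iface: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


# Fields pflog emits before the protocol-specific tail:
#   <ts> rule <num>/<subrule>(<reason>): <action> <dir> on <if>: <src> > <dst>: ...
# Endpoints are IPv4 addresses or hostnames with the port as the last dotted
# component; IPv6 endpoints use a different form and are not handled here.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>\d+)/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>[^:\s]+): "
    r"(?P<src>[^\s:]+) > (?P<dst>[^\s:]+):"
)


def parse_endpoint(ep: str) -> Tuple[str, Optional[int]]:
    """Split 'host.port' on the last dot; the port may be numeric or a service name."""
    host, _, port = ep.rpartition(".")
    if not host:
        return ep, None
    if port.isdigit():
        return host, int(port)
    return host, SERVICES.get(port)  # None if the service name is unknown


def parse_line(line: str) -> Optional[PfLogEntry]:
    """Return a PfLogEntry for a pflog record, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    src, sport = parse_endpoint(m["src"])
    dst, dport = parse_endpoint(m["dst"])
    return PfLogEntry(m["ts"], int(m["rule"]), m["reason"], m["action"],
                      m["dir"], m["iface"], src, sport, dst, dport)


def parse_log(text: str) -> List[PfLogEntry]:
    """Parse every line, skipping lines that are not pflog records."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def blocked_by_iface(text: str) -> Dict[Tuple[str, str], int]:
    """Count blocked packets per (direction, interface)."""
    return dict(Counter((e.direction, e.iface)
                        for e in parse_log(text) if e.action == "block"))


def blocked_on_port(text: str, port: int) -> List[PfLogEntry]:
    """Blocked packets touching `port` on either side, e.g. 5432 for PostgreSQL."""
    return [e for e in parse_log(text)
            if e.action == "block" and port in (e.sport, e.dport)]


# Constructed sample: line 1 is the record quoted in the thread, the rest are made up.
SAMPLE_LOG = """\
00:00:12.202519 rule 0/0(match): block out on lo1: markand.malikania.fr.postgresql > 10.0.0.30.33431:  tcp 20 [bad hdr length 0 - too short, < 20]
00:00:13.105001 rule 0/0(match): block out on lo1: 192.168.1.23.5432 > 10.0.0.30.33431: Flags [S.], seq 1, ack 1, win 65535
00:00:14.000000 rule 3/0(match): pass in on rl0: 192.168.1.50.40211 > 192.168.1.23.22: Flags [S], seq 0, win 65535
00:00:15.000000 rule 0/0(match): block in on rl0: 203.0.113.9.55555 > 192.168.1.23.23: Flags [S], seq 0, win 1024
"""

if __name__ == "__main__":
    for (direction, iface), n in sorted(blocked_by_iface(SAMPLE_LOG).items()):
        print(f"blocked {direction:3} on {iface}: {n}")
    for e in blocked_on_port(SAMPLE_LOG, 5432):
        print(f"{e.timestamp} rule {e.rule} {e.direction} {e.iface}: "
              f"{e.src}:{e.sport} -> {e.dst}:{e.dport}")
```

Run against a real capture, the per-interface counts tell you immediately whether the drop is on the jail interface (lo1 in the thread) or on the external one, and filtering on port 5432 isolates the return traffic from the host's PostgreSQL that pf's catch-all `block log all` rule (rule 0) discarded.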