Date: Tue, 27 Feb 2018 23:46:15 +0100
From: Peter Ludikovsky <peter@ludikovsky.name>
To: krad <kraduk@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>, Kristof Provost <kristof@sigsegv.be>
Subject: Re: UDP connections from NAT'ed jails
Message-ID: <EB051654-4395-4E41-A9D6-5A2B5F624B6E@ludikovsky.name>
In-Reply-To: <CALfReycc6D90fm_NctZrjLR69VKFGVa=bMQt58dmZC=QUpdTxw@mail.gmail.com>
References: <8B3177FE-1FE5-4455-8F3C-CB5CE664B8C1@ludikovsky.name>
 <CB81FE3C-CA97-43DF-85D0-8C271C96DB9C@sigsegv.be>
 <6ADC216F-CD1E-4AFA-8E57-01E928BC2776@ludikovsky.name>
 <18932E8F-0FA3-4C0C-A507-3FB9AF9B8367@sigsegv.be>
 <BF9D0686-A11D-4F4C-BFEF-38176E64F81B@ludikovsky.name>
 <CALfReycc6D90fm_NctZrjLR69VKFGVa=bMQt58dmZC=QUpdTxw@mail.gmail.com>

Need? No. Just one more thing for me to get experience with, as I do want to run some jails later on that shouldn't be directly accessible, e.g. DB.

On 27 February 2018 12:30:54 CET, krad <kraduk@gmail.com> wrote:
>Just checking but do you need/want to run the jails in natted mode? I ask
>as it's a lot simpler to set up jails with vimage and a bridged interface.
>
>On 27 February 2018 at 09:07, Peter Ludikovsky <peter@ludikovsky.name> wrote:
>
>> No, nothing at all. But truss gave me the right idea: somehow a zero-width
>> char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which
>> won't work (yet).
>>
>> Thanks for your help!
>>
>> Regards
>> /peter
>>
>> On 27 February 2018 05:23:39 CET, Kristof Provost <kristof@sigsegv.be> wrote:
>> >On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
>> >> With the adaptation on the VM:
>> >>
>> >> [peter@doctor ~]$ sudo service pf reload
>> >> Reloading pf rules.
>> >> [peter@doctor ~]$ cat /etc/pf.conf
>> >> IP_PUB="10.0.2.15"
>> >> IP_JAIL="192.168.5.2"
>> >> NET_JAIL="192.168.5.0/24"
>> >> scrub in all
>> >> #set skip on lo
>> >> nat pass on em0 from $NET_JAIL to any -> $IP_PUB
>> >> pass out keep state
>> >> [peter@doctor ~]$ sudo pfctl -sn
>> >> nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
>> >> [peter@doctor ~]$ host pkg.freebsd.org
>> >> pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
>> >> pkgmir.geo.freebsd.org has address 149.20.1.201
>> >> pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
>> >>
>> >> No change in the jail.
>> >>
>> >> tcpdump on the host shows resolution happening for the jail-host, but
>> >> nothing for the jail itself.
>> >>
>> >So you don’t see any UDP/DNS packets at all when the jail tries to
>> >resolve a hostname?
>> >That’s certainly odd.
>> >
>> >Does `truss host google.com` in the jail show anything interesting?
>> >
>> >Regards,
>> >Kristof
>> >_______________________________________________
>> >freebsd-questions@freebsd.org mailing list
>> >https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> >To unsubscribe, send any mail to
>> >"freebsd-questions-unsubscribe@freebsd.org"
>>
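
The failure described in this message, as an added example that is not part of the original thread: a check that locates invisible characters in a resolv.conf and shows which nameservers a strict keyword match would still see. The sample file, the choice of U+200B as the zero-width character, the function names, and the simplified keyword matching are assumptions; the 127.0.0.1 fallback is the behaviour reported in the message.

```python
import sys
import unicodedata

# Constructed sample: line 1 starts with U+200B (zero-width space, assumed here),
# so it looks normal in `cat` output but the keyword no longer matches.
SAMPLE = "\u200bnameserver 10.0.2.3\nsearch example.org\n"

def hidden_chars(text):
    """Return (line, column, codepoint, name) for each suspicious character."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in " \t":
                continue
            # Cf = format characters (zero-width space/joiner, BOM), Cc = control
            # characters; any non-ASCII character is unexpected in resolv.conf.
            if unicodedata.category(ch) in ("Cf", "Cc") or ord(ch) > 0x7F:
                findings.append((line_no, col, f"U+{ord(ch):04X}",
                                 unicodedata.name(ch, "UNKNOWN")))
    return findings

def effective_nameservers(text):
    """Nameservers seen when the keyword must match at the start of the line.

    Simplified model of a resolver's config parsing (an assumption); falls
    back to 127.0.0.1 when no line matches, as reported in the message.
    """
    servers = []
    for line in text.splitlines():
        if line.startswith(("nameserver ", "nameserver\t")):
            fields = line[len("nameserver"):].split()
            if fields:
                servers.append(fields[0])
    return servers or ["127.0.0.1"]

if __name__ == "__main__":
    # With no argument, analyse the constructed sample instead of a real file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    for finding in hidden_chars(content):
        print("line %d col %d: %s %s" % finding)
    print("effective nameservers:", effective_nameservers(content))
```

Run inside the jail with `/etc/resolv.conf` as the argument; an empty findings list together with the expected nameserver addresses means the file parses as it appears.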
