Date: Fri, 16 Jul 2010 00:55:11 +0200
From: Erik Norgaard <norgaard@locolomo.org>
To: freebsd-questions@freebsd.org
Subject: Re: ipnat.conf - map and rdr won't work!
Message-ID: <4C3F91CF.5090206@locolomo.org>
In-Reply-To: <AANLkTinh0CykJ1Av3f2THPDFOLS0YtYLDvRMHXm_wD3w@mail.gmail.com>
References: <AANLkTilVTo36Fzdh2DKAQhRjyDj8MNUuV9dhwvQ7Gf-V@mail.gmail.com> <AANLkTinh0CykJ1Av3f2THPDFOLS0YtYLDvRMHXm_wD3w@mail.gmail.com>

On 15/07/10 21.17, alexus wrote:
> On Wed, Jul 14, 2010 at 10:32 PM, alexus<alexus@gmail.com> wrote:
>> I can't put my mind around it, before reboot I was able to ssh in from
>> outside to my jail and right now I can't!

What did you change?

>> su-3.2# cat /etc/ipnat.rules
>> map fxp0 lama -> 0/32
>> rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp

What's that first rule supposed to do?

>> su-3.2# grep lama /etc/hosts
>> 172.16.172.16 lama
>> su-3.2# ifconfig
>> vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
>> 0 mtu 1500
>> options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
>> ether 00:19:5b:68:9b:01
>> inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>> media: Ethernet autoselect (none)
>> status: no carrier
>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>> options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
>> ether 00:0f:fe:aa:f4:61
>> inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
>> media: Ethernet autoselect (100baseTX<full-duplex>)
>> status: active

Where is this? This "su-3.2" is a bit confusing, would be useful to set
your hostname to "jail" within the jail...

I think it is typical for jails to clone the loopback interface for this
setup.

>> su-3.2# jls
>> JID IP Address Hostname Path
>> 1 172.16.172.16 lama /usr/jail/lama
>>
>> and this is me from outside trying to ssh to my box and getting time out...
>>
>> mp:~ alexus$ ssh -v jothost.com
>> OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>> debug1: Reading configuration data /etc/ssh_config
>> debug1: Connecting to jothost.com [64.52.58.58] port 22.
>> debug1: connect to address 64.52.58.58 port 22: Operation timed out
>> ssh: connect to host jothost.com port 22: Operation timed out

Use tcpdump, you should see if your rdr/map rules work as expected.
Also, pfctl -ss and similar. Can you ssh from the host system to the jail?

> anyone?

If nobody replies, maybe try to rephrase your question, investigate
further and provide additional information rather than just repost.

BR, Erik
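
The tcpdump check suggested in the message above, as an added example that is not part of the original e-mail: a shell function that reads `tcpdump -n` text captured on fxp0 and reports how far the SSH handshake got. The addresses come from the thread; the function name, the verdict words and the capture lines are constructed for illustration.

```sh
#!/bin/sh
# Capture on the host first (as root):  tcpdump -n -i fxp0 tcp port 22
# Assumption: the capture on fxp0 shows replies as they leave the host.
EXT_IP=64.52.58.58      # fxp0 address from the rdr rule in the thread
JAIL_IP=172.16.172.16   # "lama" in /etc/hosts
PORT=22

# classify_capture (hypothetical helper): reads "tcpdump -n" text on stdin
# and prints one verdict word.
classify_capture() {
    awk -v ext="$EXT_IP" -v jail="$JAIL_IP" -v port="$PORT" '
        # Line shape: <time> IP <src>.<sport> > <dst>.<dport>: Flags [..], ...
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst); flags = $7
            if (dst == (ext "." port) && flags == "[S],")  syn_in = 1
            if (src == (ext "." port) && flags == "[S.],") synack_out = 1
            if (src == (jail "." port))                    leak = 1
        }
        END {
            if (!syn_in)         print "no-syn"             # nothing reaches fxp0
            else if (leak)       print "untranslated-reply" # jail address on the wire
            else if (synack_out) print "handshake-ok"       # rdr and reply path work
            else                 print "syn-unanswered"     # rdr not applied or no listener
        }'
}

# Constructed captures (198.51.100.7 is a documentation address).
SAMPLE_TIMEOUT='00:55:11.000001 IP 198.51.100.7.51234 > 64.52.58.58.22: Flags [S], seq 1000, win 65535, length 0
00:55:14.000001 IP 198.51.100.7.51234 > 64.52.58.58.22: Flags [S], seq 1000, win 65535, length 0'

SAMPLE_OK='00:55:11.000001 IP 198.51.100.7.51234 > 64.52.58.58.22: Flags [S], seq 1000, win 65535, length 0
00:55:11.000200 IP 64.52.58.58.22 > 198.51.100.7.51234: Flags [S.], seq 2000, ack 1001, win 65535, length 0
00:55:11.020000 IP 198.51.100.7.51234 > 64.52.58.58.22: Flags [.], ack 1, win 65535, length 0'

SAMPLE_LEAK='00:55:11.000001 IP 198.51.100.7.51234 > 64.52.58.58.22: Flags [S], seq 1000, win 65535, length 0
00:55:11.000200 IP 172.16.172.16.22 > 198.51.100.7.51234: Flags [S.], seq 2000, ack 1001, win 65535, length 0'

# Print the verdict for each constructed capture.
for name in TIMEOUT OK LEAK; do
    eval "data=\$SAMPLE_$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$data" | classify_capture)"
done
```

A `syn-unanswered` verdict corresponds to the "Operation timed out" in the quoted `ssh -v` output: the SYN reaches 64.52.58.58 but nothing answers.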