Date: Tue, 27 Feb 2018 10:07:09 +0100
From: Peter Ludikovsky <peter@ludikovsky.name>
To: freebsd-questions@freebsd.org, Kristof Provost <kristof@sigsegv.be>
Subject: Re: UDP connections from NAT'ed jails
Message-ID: <BF9D0686-A11D-4F4C-BFEF-38176E64F81B@ludikovsky.name>
In-Reply-To: <18932E8F-0FA3-4C0C-A507-3FB9AF9B8367@sigsegv.be>
References: <8B3177FE-1FE5-4455-8F3C-CB5CE664B8C1@ludikovsky.name> <CB81FE3C-CA97-43DF-85D0-8C271C96DB9C@sigsegv.be> <6ADC216F-CD1E-4AFA-8E57-01E928BC2776@ludikovsky.name> <18932E8F-0FA3-4C0C-A507-3FB9AF9B8367@sigsegv.be>

No, nothing at all. But truss gave me the right idea: somehow a zero-width
char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which
won't work (yet).

Thanks for your help!

Regards
/peter

On 27 February 2018 05:23:39 CET, Kristof Provost <kristof@sigsegv.be> wrote:
>On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
>> With the adaptation on the VM:
>>
>> [peter@doctor ~]$ sudo service pf reload
>> Reloading pf rules.
>> [peter@doctor ~]$ cat /etc/pf.conf
>> IP_PUB="10.0.2.15"
>> IP_JAIL="192.168.5.2"
>> NET_JAIL="192.168.5.0/24"
>> scrub in all
>> #set skip on lo
>> nat pass on em0 from $NET_JAIL to any -> $IP_PUB
>> pass out keep state
>> [peter@doctor ~]$ sudo pfctl -sn
>> nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
>> [peter@doctor ~]$ host pkg.freebsd.org
>> pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
>> pkgmir.geo.freebsd.org has address 149.20.1.201
>> pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
>>
>> No change in the jail.
>>
>> tcpdump on the host shows resolution happening for the jail-host, but
>> nothing for the jail itself.
>>
>So you don’t see any UDP/DNS packets at all when the jail tries to
>resolve a hostname?
>That’s certainly odd.
>
>Does `truss host google.com` in the jail show anything interesting?
>
>Regards,
>Kristof
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe@freebsd.org"
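
A check for the failure reported in this message (an invisible character in resolv.conf leaving the resolver on its 127.0.0.1 default), as an added example that is not part of the original thread. The function names, the sample file and the address 10.0.2.3 are constructed; it assumes the resolver skips lines whose keyword it does not recognise and falls back to the local host when no nameserver line remains.

```sh
#!/bin/sh
# Added example. scan_resolv FILE reports lines of a resolv.conf-style file
# that hold invisible bytes or a keyword the resolver would not recognise.
# Returns 0 when the file is clean, 1 when there is at least one finding.
scan_resolv() {
    LC_ALL=C awk '
    BEGIN { odd = "[^\t -~]" }  # any byte except tab and printable ASCII
    {
        if ($0 ~ odd) {
            # e.g. U+200B, bytes E2 80 8B in UTF-8: editors draw nothing
            printf "%s:%d: non-ASCII or control byte\n", FILENAME, NR
            bad++
        }
        if ($0 ~ /^[ \t]*([#;].*)?$/) next       # blank line or comment
        if ($1 !~ /^(nameserver|domain|search|sortlist|options)$/) {
            printf "%s:%d: unrecognised keyword\n", FILENAME, NR
            bad++
        } else if ($1 == "nameserver" && NF >= 2) {
            ns++
        }
    }
    END {
        if (ns == 0) {
            # Assumption: with no nameserver parsed, the local host is used
            printf "%s: no usable nameserver line\n", FILENAME
            bad++
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: zero-width space (U+200B) in front of the keyword.
# 10.0.2.3 is a made-up resolver address.
make_sample() {
    printf '\342\200\213nameserver 10.0.2.3\n' > "$1"
}

sample=$(mktemp /tmp/resolv.XXXXXX)
make_sample "$sample"
cat "$sample"    # prints what looks like an ordinary nameserver line
scan_resolv "$sample" || echo "findings above: retype the line and retest"
rm -f "$sample"
```

Inside a jail, point it at the jail's own /etc/resolv.conf; `od -c` on a reported line shows the exact bytes.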