ipnat.conf - map and rdr won't work!
Erik Norgaard
norgaard at locolomo.org
Thu Jul 15 22:55:17 UTC 2010
On 15/07/10 21.17, alexus wrote:
> On Wed, Jul 14, 2010 at 10:32 PM, alexus<alexus at gmail.com> wrote:
>> I can't wrap my mind around it: before the reboot I was able to ssh in from
>> outside to my jail, and right now I can't!
What did you change?
>> su-3.2# cat /etc/ipnat.rules
>> map fxp0 lama -> 0/32
>> rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp
What's that first rule supposed to do?
>> su-3.2# grep lama /etc/hosts
>> 172.16.172.16 lama
>> su-3.2# ifconfig
>> vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>> options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
>> ether 00:19:5b:68:9b:01
>> inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>> media: Ethernet autoselect (none)
>> status: no carrier
>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>> options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
>> ether 00:0f:fe:aa:f4:61
>> inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
>> media: Ethernet autoselect (100baseTX<full-duplex>)
>> status: active
Where is this? This "su-3.2" is a bit confusing; it would be useful to set
your hostname to "jail" within the jail...
I think it is typical for jails to clone the loopback interface for this
setup.
>> su-3.2# jls
>> JID IP Address Hostname Path
>> 1 172.16.172.16 lama /usr/jail/lama
>>
>> and this is me from outside trying to ssh to my box and getting a timeout...
>>
>> mp:~ alexus$ ssh -v jothost.com
>> OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>> debug1: Reading configuration data /etc/ssh_config
>> debug1: Connecting to jothost.com [64.52.58.58] port 22.
>> debug1: connect to address 64.52.58.58 port 22: Operation timed out
>> ssh: connect to host jothost.com port 22: Operation timed out
Use tcpdump; you should see whether your rdr/map rules work as expected.
Also, pfctl -ss and similar.
Can you ssh from the host system to the jail?
> anyone?
If nobody replies, maybe try to rephrase your question, investigate
further and provide additional information rather than just repost.
BR, Erik
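Added example, not part of Erik's reply or alexus' post: a small sh script that does the static half of the check Erik suggests before reaching for tcpdump. It parses the rdr rules from ipnat.rules, resolves the target hostname through the hosts table, and cross-checks both the external address and the target address against the interface table, reporting the interface the target address is bound to and its carrier status. The rules, hosts entry and ifconfig output are embedded inline as constructed copies of what the thread shows (ether and options lines dropped); in practice you would feed it /etc/ipnat.rules, /etc/hosts and live ifconfig output. It assumes only sh and awk, and it says nothing about whether packets actually reach the rule, which is what tcpdump and ipnat -l are for.

```shell
#!/bin/sh
# Cross-check ipnat rdr rules against the host's interface table.
# Sample data below is constructed from the thread's output.

RULES='map fxp0 lama -> 0/32
rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp'

HOSTS='172.16.172.16 lama'

IFCONFIG='vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
    status: no carrier
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
    status: active'

# resolve_host NAME: print the IP for NAME from the hosts table;
# a dotted quad is passed through unchanged, an unknown name prints nothing.
resolve_host() {
    case "$1" in
        *[!0-9.]*) printf '%s\n' "$HOSTS" | awk -v n="$1" '$2 == n { print $1; exit }' ;;
        *)         printf '%s\n' "$1" ;;
    esac
}

# iface_for IP: print the name of the interface carrying IP (empty if none).
# Interface headers start in column 0, address lines are indented.
iface_for() {
    printf '%s\n' "$IFCONFIG" | awk -v ip="$1" '
        /^[a-z]/ { cur = $1; sub(":$", "", cur) }
        $1 == "inet" && $2 == ip { print cur; exit }'
}

# iface_status NAME: print the text after "status:" for interface NAME.
iface_status() {
    printf '%s\n' "$IFCONFIG" | awk -v want="$1" '
        /^[a-z]/ { cur = $1; sub(":$", "", cur) }
        cur == want && $1 == "status:" { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# check_rdr RULE: one line of ipnat.rules in the form
#   rdr IFACE EXTIP port P -> TARGET port P PROTO
# Prints "skip" for non-rdr lines, "fail: ..." for a plumbing problem,
# or "ok: IFACE/EXTIP -> TARGETIP on IFACE2 (STATUS)". Always returns 0 so
# callers can collect the text without set -e aborting.
check_rdr() {
    rule=$1
    set -- $rule
    [ "$1" = "rdr" ] || { printf 'skip\n'; return 0; }
    ext_if=$2
    ext_ip=$3
    target=$7
    # The rule only ever sees packets if EXTIP really lives on IFACE.
    if [ "$(iface_for "$ext_ip")" != "$ext_if" ]; then
        printf 'fail: %s is not configured on %s\n' "$ext_ip" "$ext_if"
        return 0
    fi
    target_ip=$(resolve_host "$target")
    if [ -z "$target_ip" ]; then
        printf 'fail: cannot resolve %s\n' "$target"
        return 0
    fi
    # After translation the packet must be deliverable locally, so the
    # target address has to be bound to some interface on this host.
    target_if=$(iface_for "$target_ip")
    if [ -z "$target_if" ]; then
        printf 'fail: %s (%s) is not bound to any interface on this host\n' "$target_ip" "$target"
        return 0
    fi
    printf 'ok: %s/%s -> %s on %s (%s)\n' "$ext_if" "$ext_ip" "$target_ip" "$target_if" "$(iface_status "$target_if")"
}

# run_checks: walk every line of RULES and report on the rdr ones.
run_checks() {
    printf '%s\n' "$RULES" | while IFS= read -r line; do
        case "$line" in
            rdr*) printf '%s\n  %s\n' "$line" "$(check_rdr "$line")" ;;
        esac
    done
}

run_checks
```

For the thread's data the report is "ok: fxp0/64.52.58.58 -> 172.16.172.16 on vr0 (no carrier)": the addresses line up, but the jail address sits on an interface with no carrier rather than on a cloned loopback, which is worth knowing before you start reading tcpdump output.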