ipnat.conf - map and rdr won't work!
alexus at gmail.com
Fri Jul 16 00:56:55 UTC 2010
On Thu, Jul 15, 2010 at 6:55 PM, Erik Norgaard <norgaard at locolomo.org> wrote:
> On 15/07/10 21.17, alexus wrote:
>> On Wed, Jul 14, 2010 at 10:32 PM, alexus<alexus at gmail.com> wrote:
>>> I can't put my mind around it, before reboot I was able to ssh in from
>>> outside to my jail and right now I can't!
> What did you change?
as far as know nothing was changed, that's why i can't wrap my mind
around it why did it stop working all of the sudden and i reboot my
box in the past yet everything was working as expected.
>>> su-3.2# cat /etc/ipnat.rules
>>> map fxp0 lama -> 0/32
>>> rdr fxp0 22.214.171.124 port ssh -> lama port ssh tcp
> What's that first rule supposed to do?
provides a NAT within jail
>>> su-3.2# grep lama /etc/hosts
>>> 172.16.172.16 lama
>>> su-3.2# ifconfig
>>> vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
>>> 0 mtu 1500
>>> ether 00:19:5b:68:9b:01
>>> inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>>> media: Ethernet autoselect (none)
>>> status: no carrier
>>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>>> ether 00:0f:fe:aa:f4:61
>>> inet 126.96.36.199 netmask 0xffffffe0 broadcast 188.8.131.52
>>> media: Ethernet autoselect (100baseTX<full-duplex>)
>>> status: active
> Where is this? this "su-3.2" is a bit confusing, would be useful to set your
> hostname to "jail" within the jail...
su-3.2 is a host environment where jail is hosted
> I think it is typical for jails to clone the loopback interface for this
not sure what you mean by this...
if you referring this statement as if you though this is jail itself
this is not jail this is host environment (where jail is hosted)
>>> su-3.2# jls
>>> JID IP Address Hostname Path
>>> 1 172.16.172.16 lama /usr/jail/lama
>>> and this is me from outside trying to ssh to my box and getting time
>>> mp:~ alexus$ ssh -v jothost.com
>>> OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>>> debug1: Reading configuration data /etc/ssh_config
>>> debug1: Connecting to jothost.com [184.108.40.206] port 22.
>>> debug1: connect to address 220.127.116.11 port 22: Operation timed out
>>> ssh: connect to host jothost.com port 22: Operation timed out
> Use tcpdump, you should see if your rdr/map rules work as expected. Also,
> pfctl -ss and similar.
su-3.2# pfctl -ss
pfctl: /dev/pf: No such file or directory
i don't know how to use tcpdump, can you provide exact syntax so i can run it?
whenever I try to ssh from outside ipnat -l shows following (last line
under active sessions):
su-3.2# ipnat -l
List of active MAP/Redirect filters:
map fxp0 172.16.172.16/32 -> 0.0.0.0/32
rdr fxp0 18.104.22.168/32 port 22 -> 172.16.172.16 port 22 tcp
List of active sessions:
RDR 172.16.172.16 22 <- -> 22.214.171.124 22 [126.96.36.199 50715]
> Can you ssh from the host system to the jail?
yes, it takes a bit long but that's due to map rule inside of
ipnat.conf isn't working either as rdr doesn't work
> If nobody replies, maybe try to rephrase your question, investigate further
> and provide additional information rather than just repost.
i was under impression that i pretty much covered all basis, or at
least i thought i so ... apparently not...
but if you do feel that you need any additional information i'll be
more then happy to provide it for you.
thanks in advance
> BR, Erik
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions