UDP connections from NAT'ed jails
Peter Ludikovsky
peter at ludikovsky.name
Tue Feb 27 09:11:10 UTC 2018
No, nothing at all. But truss gave me the right idea: somehow a zero-width char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which won't work (yet).
Thanks for your help!
Regards
/peter
On 27 February 2018 05:23:39 CET, Kristof Provost <kristof at sigsegv.be> wrote:
>On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
>> With the adaptation on the VM:
>>
>> [peter at doctor ~]$ sudo service pf reload
>> Reloading pf rules.
>> [peter at doctor ~]$ cat /etc/pf.conf
>> IP_PUB="10.0.2.15"
>> IP_JAIL="192.168.5.2"
>> NET_JAIL="192.168.5.0/24"
>> scrub in all
>> #set skip on lo
>> nat pass on em0 from $NET_JAIL to any -> $IP_PUB
>> pass out keep state
>> [peter at doctor ~]$ sudo pfctl -sn
>> nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
>> [peter at doctor ~]$ host pkg.freebsd.org
>> pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
>> pkgmir.geo.freebsd.org has address 149.20.1.201
>> pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
>>
>> No change in the jail.
>>
>> tcpdump on the host shows resolution happening for the jail-host, but
>> nothing for the jail itself.
>>
>So you don’t see any UDP/DNS packets at all when the jail tries to
>resolve a hostname?
>That’s certainly odd.
>
>Does `truss host google.com` in the jail show anything interesting?
>
>Regards,
>Kristof
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe at freebsd.org"
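A check for the failure described in the reply at the top of this thread, as an added example that is not part of the original messages: it reports invisible or non-ASCII characters in a resolv.conf and lists the nameserver lines that a plain-ASCII keyword match would still accept. The sample content is constructed, and placing the zero-width character before the `nameserver` keyword is an assumption, since the post does not say where it was.

```python
import ipaddress
import re
import unicodedata

# Constructed sample: U+200B (zero-width space) sits before "nameserver".
SAMPLE = "search example.org\n\u200bnameserver 192.168.5.1\n"


def scan_resolv_conf(text):
    """Return (findings, nameservers) for the text of a resolv.conf.

    findings:    (line, column, "U+XXXX", name) per non-ASCII or control char
    nameservers: addresses on lines whose first field is exactly "nameserver"
    """
    findings, nameservers = [], []
    # Split on "\n" only: str.splitlines() would swallow odd Unicode separators.
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if ord(ch) > 126 or (ord(ch) < 32 and ch != "\t"):
                name = unicodedata.name(ch, "<control>")
                findings.append((lineno, col, f"U+{ord(ch):04X}", name))
        # Fields are separated by spaces and tabs only, as in the file format.
        fields = re.split(r"[ \t]+", line.strip(" \t"))
        if fields[0] == "nameserver" and len(fields) > 1:
            try:
                ipaddress.ip_address(fields[1])  # rejects stray characters
            except ValueError:
                continue
            nameservers.append(fields[1])
    return findings, nameservers


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # newline="" keeps a stray carriage return visible to the scan.
        with open(sys.argv[1], encoding="utf-8", errors="replace", newline="") as f:
            text = f.read()
    else:
        text = SAMPLE
    findings, servers = scan_resolv_conf(text)
    for lineno, col, codepoint, name in findings:
        print(f"line {lineno}, col {col}: {codepoint} {name}")
    print("usable nameservers:", servers or "none (resolver falls back to 127.0.0.1)")
```

Run it with the path to the jail's resolv.conf as the only argument; without an argument it scans the constructed sample.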