UDP connections from NAT'ed jails

Peter Ludikovsky peter at ludikovsky.name
Tue Feb 27 09:11:10 UTC 2018


No, nothing at all. But truss gave me the right idea: somehow a zero-width char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which won't work (yet).

Thanks for your help!

Regards
/peter

On 27 February 2018 05:23:39 CET, Kristof Provost <kristof at sigsegv.be> wrote:
>On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
>> With the adaptation on the VM:
>>
>>     [peter at doctor ~]$ sudo service pf reload
>>     Reloading pf rules.
>>     [peter at doctor ~]$ cat /etc/pf.conf
>>     IP_PUB="10.0.2.15"
>>     IP_JAIL="192.168.5.2"
>>     NET_JAIL="192.168.5.0/24"
>>     scrub in all
>>     #set skip on lo
>>     nat pass on em0 from $NET_JAIL to any -> $IP_PUB
>>     pass out keep state
>>     [peter at doctor ~]$ sudo pfctl -sn
>>     nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
>>     [peter at doctor ~]$ host pkg.freebsd.org
>>     pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
>>     pkgmir.geo.freebsd.org has address 149.20.1.201
>>     pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
>>
>> No change in the jail.
>>
>> tcpdump on the host shows resolution happening for the jail-host, but
>> nothing for the jail itself.
>>
>So you don’t see any UDP/DNS packets at all when the jail tries to 
>resolve a hostname?
>That’s certainly odd.
>
>Does `truss host google.com` in the jail show anything interesting?
>
>Regards,
>Kristof


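The cause found in this thread, a zero-width character in resolv.conf, is invisible in cat or an editor but easy to find at the byte level. The following is an added example, not code from the thread: the function names and the sample file (including its address) are constructed, and it assumes the resolver only honours lines whose first field is exactly the ASCII keyword `nameserver`.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for invisible bytes.
# Function names and the sample data are hypothetical.

# Print, with line numbers, every line containing a byte that is not
# printable ASCII, a space or a tab. Zero-width characters such as
# U+200B or U+FEFF are multi-byte in UTF-8, so they are caught here,
# as is a stray carriage return.
suspicious_lines() {
    LC_ALL=C grep -an '[^[:print:][:blank:]]' "$1"
}

# Count lines whose first field is exactly "nameserver" and that
# carry an address. A hidden byte glued to the keyword breaks this.
usable_nameservers() {
    LC_ALL=C awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Exit status: 0 = clean, 1 = hidden bytes present,
# 2 = hidden bytes present and no usable nameserver line left.
audit_resolv_conf() {
    if suspicious_lines "$1" >/dev/null; then
        echo "$1: hidden bytes on line(s):" $(suspicious_lines "$1" | cut -d: -f1)
        suspicious_lines "$1" | od -c    # show the bytes as octal escapes
        [ "$(usable_nameservers "$1")" -gt 0 ] || return 2
        return 1
    fi
    return 0
}

# Constructed sample: U+200B (bytes e2 80 8b) in front of the keyword.
sample=$(mktemp)
printf '\342\200\213nameserver 192.168.5.1\n' > "$sample"
audit_resolv_conf "$sample" || echo "audit status: $?"
rm -f "$sample"
```

Inside the jail, the same check would be pointed at /etc/resolv.conf; status 2 corresponds to the situation described above, where no nameserver line is recognised.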