UDP connections from NAT'ed jails

Peter Ludikovsky peter at ludikovsky.name
Tue Feb 27 09:11:10 UTC 2018

No, nothing at all. But truss gave me the right idea: somehow a zero-width char got into resolv.conf, and the resolver defaulted to, which won't work (yet).

Thanks for your help!


On 27 February 2018 05:23:39 CET, Kristof Provost <kristof at sigsegv.be> wrote:
>On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
>> With the adaptation on the VM:
>>     [peter at doctor ~]$ sudo service pf reload
>>     Reloading pf rules.
>>     [peter at doctor ~]$ cat /etc/pf.conf
>>     IP_PUB=""
>>     IP_JAIL=""
>>     NET_JAIL=""
>>     scrub in all
>>     #set skip on lo
>>     nat pass on em0 from $NET_JAIL to any -> $IP_PUB
>>     pass out keep state
>>     [peter at doctor ~]$ sudo pfctl -sn
>>     nat pass on em0 inet from to any ->
>>     [peter at doctor ~]$ host pkg.freebsd.org
>>     pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
>>     pkgmir.geo.freebsd.org has address
>>     pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
>> No change in the jail.
>> tcpdump on the host shows resolution happening for the jail-host, but
>> nothing for the jail itself.
>So you don’t see any UDP/DNS packets at all when the jail tries to 
>resolve a hostname?
>That’s certainly odd.
>Does `truss host google.com` in the jail show anything interesting?
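A check for the kind of problem reported in this message, an invisible zero-width character in resolv.conf, as an added example that is not part of the original thread: it lists non-displaying characters by line and column and flags lines whose keyword or nameserver address no longer parses. The sample content, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import sys
import unicodedata

# Constructed sample: U+200B (zero-width space) sits before the second "nameserver".
SAMPLE = "search example.org\nnameserver 192.0.2.53\n\u200bnameserver 192.0.2.54\n"

# Keywords accepted in resolv.conf(5).
KEYWORDS = {"nameserver", "search", "domain", "options", "sortlist"}


def invisible_chars(line):
    """Return (column, description) for each character a terminal will not display."""
    hits = []
    for col, ch in enumerate(line, start=1):
        cat = unicodedata.category(ch)
        # Cf: format chars (zero-width space/joiner, BOM); Cc: controls such as CR;
        # Zs other than ' ': no-break and other non-ASCII spaces.
        if cat == "Cf" or (cat == "Cc" and ch != "\t") or (cat == "Zs" and ch != " "):
            name = unicodedata.name(ch, "<unnamed>")
            hits.append((col, "U+%04X %s" % (ord(ch), name)))
    return hits


def audit_resolv_conf(text):
    """Return (line_number, problem) findings for resolv.conf content."""
    findings = []
    for no, line in enumerate(text.split("\n"), start=1):
        for col, desc in invisible_chars(line):
            findings.append((no, "invisible character at column %d: %s" % (col, desc)))
        stripped = line.strip(" \t")
        if not stripped or stripped[0] in "#;":
            continue  # blank line or comment
        fields = stripped.split()
        if fields[0] not in KEYWORDS:
            findings.append((no, "unrecognised keyword %r" % fields[0]))
        elif fields[0] == "nameserver":
            try:
                ipaddress.ip_address(fields[1] if len(fields) > 1 else "")
            except ValueError:
                findings.append((no, "nameserver address does not parse"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    for no, problem in audit_resolv_conf(data):
        print("line %d: %s" % (no, problem))
```

Run inside the jail with the path to its resolv.conf as the only argument; a clean file prints nothing.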
