UDP connections from NAT'ed jails
kraduk at gmail.com
Tue Feb 27 11:30:56 UTC 2018
Just checking, but do you need/want to run the jails in natted mode? I ask
as it's a lot simpler to set up jails with vimage and a bridged interface.
On 27 February 2018 at 09:07, Peter Ludikovsky <peter at ludikovsky.name>
> No, nothing at all. But truss gave me the right idea: somehow a zero-width
> char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which
> won't work (yet).
> Thanks for your help!
> On 27 February 2018 05:23:39 CET, Kristof Provost <
> kristof at sigsegv.be> wrote:
> >On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
> >> With the adaptation on the VM:
> >> [peter at doctor ~]$ sudo service pf reload
> >> Reloading pf rules.
> >> [peter at doctor ~]$ cat /etc/pf.conf
> >> IP_PUB="10.0.2.15"
> >> IP_JAIL="192.168.5.2"
> >> NET_JAIL="192.168.5.0/24"
> >> scrub in all
> >> #set skip on lo
> >> nat pass on em0 from $NET_JAIL to any -> $IP_PUB
> >> pass out keep state
> >> [peter at doctor ~]$ sudo pfctl -sn
> >> nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
> >> [peter at doctor ~]$ host pkg.freebsd.org
> >> pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
> >> pkgmir.geo.freebsd.org has address 18.104.22.168
> >> pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
> >> No change in the jail.
> >> tcpdump on the host shows resolution happening for the jail-host, but
> >> nothing for the jail itself.
> >So you don’t see any UDP/DNS packets at all when the jail tries to
> >resolve a hostname?
> >That’s certainly odd.
> >Does `truss host google.com` in the jail show anything interesting?
> >freebsd-questions at freebsd.org mailing list
> >To unsubscribe, send any mail to
> >"freebsd-questions-unsubscribe at freebsd.org"
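The root cause reported in the thread (an invisible character in resolv.conf leaving the resolver on 127.0.0.1) can be checked for mechanically. The following is an added example, not code from any poster in this thread: it flags every character in a resolv.conf that is not printable ASCII and lists the nameserver entries that still parse. The sample file contents, the address 192.168.5.1 and the function names are constructed for illustration, and the parsing is a simplified model rather than libc's own parser.

```python
import ipaddress
import unicodedata

# Constructed sample: a zero-width space (U+200B) sits in front of the address.
SAMPLE = ("search example.org\n"
          "nameserver \u200b192.168.5.1\n").encode("utf-8")


def audit_resolv_conf(data):
    """Return (findings, nameservers) for raw resolv.conf bytes.

    findings: (line, column, description) for each character that is not
    printable ASCII or a tab; invalid UTF-8 is reported as U+FFFD.
    nameservers: addresses from nameserver lines that parse as IP addresses.
    """
    text = data.decode("utf-8", errors="replace")
    findings, nameservers = [], []
    # Split on "\n" only, so stray "\r" and Unicode line separators get flagged.
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch != "\t" and not (" " <= ch <= "~"):
                name = unicodedata.name(ch, "UNNAMED")
                findings.append((line_no, col, "U+%04X %s" % (ord(ch), name)))
        if line.lstrip().startswith(("#", ";")):
            continue  # comment line
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                nameservers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                pass  # unusable entry, e.g. an invisible character in the token
    return findings, nameservers


def effective_servers(nameservers):
    """With no usable entry, model the fallback to 127.0.0.1 seen in the thread."""
    return nameservers or ["127.0.0.1"]


if __name__ == "__main__":
    found, servers = audit_resolv_conf(SAMPLE)
    for line_no, col, desc in found:
        print("line %d, column %d: %s" % (line_no, col, desc))
    print("resolver would query:", effective_servers(servers))
```

To check a real file, pass the result of `open("/etc/resolv.conf", "rb").read()` to `audit_resolv_conf` inside the jail.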