UDP connections from NAT'ed jails

Peter Ludikovsky peter at ludikovsky.name
Tue Feb 27 22:46:15 UTC 2018


Need? No. Just one more thing for me to get experience with, as I do want to run some jails later on that shouldn't be directly accessible, e.g. DB.

On 27 February 2018 12:30:54 CET, krad <kraduk at gmail.com> wrote:
>Just checking but do you need/want to run the jails in natted mode? I ask
>as it's a lot simpler to set up jails with vimage and a bridged interface.
>
>On 27 February 2018 at 09:07, Peter Ludikovsky <peter at ludikovsky.name>
>wrote:
>
>> No, nothing at all. But truss gave me the right idea: somehow a zero-width
>> char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which
>> won't work (yet).
>>
>> Thanks for your help!
>>
>> Regards
>> /peter
>>
>> On 27 February 2018 05:23:39 CET, Kristof Provost <kristof at sigsegv.be> wrote:
>> >On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
>> >> With the adaptation on the VM:
>> >>
>> >>     [peter at doctor ~]$ sudo service pf reload
>> >>     Reloading pf rules.
>> >>     [peter at doctor ~]$ cat /etc/pf.conf
>> >>     IP_PUB="10.0.2.15"
>> >>     IP_JAIL="192.168.5.2"
>> >>     NET_JAIL="192.168.5.0/24"
>> >>     scrub in all
>> >>     #set skip on lo
>> >>     nat pass on em0 from $NET_JAIL to any -> $IP_PUB
>> >>     pass out keep state
>> >>     [peter at doctor ~]$ sudo pfctl -sn
>> >>     nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
>> >>     [peter at doctor ~]$ host pkg.freebsd.org
>> >>     pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
>> >>     pkgmir.geo.freebsd.org has address 149.20.1.201
>> >>     pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
>> >>
>> >> No change in the jail.
>> >>
>> >> tcpdump on the host shows resolution happening for the jail-host, but
>> >> nothing for the jail itself.
>> >>
>> >So you don’t see any UDP/DNS packets at all when the jail tries to
>> >resolve a hostname?
>> >That’s certainly odd.
>> >
>> >Does `truss host google.com` in the jail show anything interesting?
>> >
>> >Regards,
>> >Kristof
>> >_______________________________________________
>> >freebsd-questions at freebsd.org mailing list
>> >https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> >To unsubscribe, send any mail to
>> >"freebsd-questions-unsubscribe at freebsd.org"
>>
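
The root cause named in this thread (an invisible character in the jail's resolv.conf), as an added example that is not part of the original messages: a byte-wise check that exposes such characters. The function names, the sample file and the placement of the zero-width character in front of the keyword are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find invisible bytes in a resolv.conf-style file.

# Print the numbers of lines containing any byte outside tab + printable ASCII.
# LC_ALL=C makes awk match byte-wise, so UTF-8 sequences such as
# e2 80 8b (U+200B ZERO WIDTH SPACE) and stray carriage returns are flagged.
suspect_lines() {
    LC_ALL=C awk '/[^\t -~]/ { print NR }' "$1"
}

# Print nameserver addresses from lines that are clean and whose first field
# is exactly the keyword, i.e. entries a resolver can be expected to pick up.
usable_nameservers() {
    LC_ALL=C awk '!/[^\t -~]/ && $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Report: dump each suspect line through od so the hidden bytes become visible.
# Returns 0 only when the file is clean.
check_resolv_conf() {
    file=$1
    bad=$(suspect_lines "$file")
    for n in $bad; do
        echo "line $n has non-ASCII/control bytes:"
        sed -n "${n}p" "$file" | od -c
    done
    if [ -z "$(usable_nameservers "$file")" ]; then
        echo "no usable nameserver line: resolver falls back to its default"
    fi
    [ -z "$bad" ]
}

# Constructed sample: zero-width space in front of the keyword (placement assumed).
sample=$(mktemp)
printf 'search example.test\n\342\200\213nameserver 192.0.2.53\n' > "$sample"
check_resolv_conf "$sample" || echo "=> retype the flagged line(s) by hand"
rm -f "$sample"
# Real use inside the jail: check_resolv_conf /etc/resolv.conf
```

In the od output the zero-width space shows up as the octal bytes 342 200 213 ahead of `nameserver`, which `cat` and most editors render as nothing at all.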

