Date: Sun, 2 Jun 2013 12:51:54 +0000 (UTC)
From: Mogamat Abrahams <lists@tabits.co.za>
To: freebsd-jail@freebsd.org
Subject: Re: Cant reach Jailed services from internet.
Message-ID: <loom.20130602T144515-343@post.gmane.org>
References: <loom.20130527T091739-282@post.gmane.org>
 <cc5f425486d0fc06e1ddc0a8cbe300ad@nanogene.org>
 <loom.20130527T215634-190@post.gmane.org>
 <20130528145629.X55451@sola.nimnet.asn.au>
 <20130528080719.GA11195@eik.bme.hu>
 <loom.20130528T180339-694@post.gmane.org>
 <loom.20130529T091557-794@post.gmane.org>
 <51A5F743.7080307@a1poweruser.com>
 <loom.20130530T144859-588@post.gmane.org>
 <51A758FF.4080402@a1poweruser.com>

Joe <fbsd8@...> writes:

> Your 67.205.xx.xx ip address looks like a dynamic ip address that you
> use dhcp to automatically obtain all the network configuration
> information needed by your host. Static ip addresses don't work that
> way. You have to manually configure the static network. If I remember
> correctly, for a block of 3 assignable ip addresses you need a block of
> 5 from your provider. The first and last ip address are used to config
> the network.

This address was provided and I manually configured the nic.

> You never said if you have a firewall on your host. The firewall rules
> may be dropping unsolicited inbound traffic for those 174 prefixed ip
> addresses. Try putting a pass all log from that NIC rule or just a log
> all rule or turn off the firewall altogether and see what happens.
> Verify your NAT is not trying to NAT unsolicited inbound traffic for
> those 174 prefixed ip addresses.

I had no firewall installed on the machine as we were still setting up and
usually only add firewalling last.

Here is something interesting though, since compiling a custom kernel and
including:

device          pf
device          pflog
nooptions       sctp
options         VIMAGE
device          epair
device          if_bridge
options         NULLFS
#firewall
options MROUTING # Multicast routing
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFIREWALL_FORWARD #packet destination changes
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_DNS
options ACCEPT_FILTER_HTTP
options ZERO_COPY_SOCKETS

My JAILS now both receive and respond to traffic!
This was the only change I remember making. Just running on
firewall_type="OPEN" and have not even defined any other rules.

So the problem seems solved, however still not sure what fixed it....!!

Is NAT a requirement for Jail networking where the default gateway is not on the same subnet as the Jail?