Date: Sun, 13 Sep 2020 20:24:57 +0200
From: Jacques Foucry
To: freebsd-questions@freebsd.org
Subject: mosh, jail and pf
Message-ID: <20200913182457.GD76929@mithril>

Hello Experts,

I would like to use mosh in order to keep some ssh connections even if I close my laptop.

mosh is installed in a jail and ssh is listening on port 4243.

I tried, from my laptop:

`mosh --port 60000 --ssh "ssh -t -t -p4243" -- host ssh -t -t jail`

It does not work and the error is:

```
mosh did not make a successful connection to ww.xx.yy.zz:60000.
Please verify that UDP port 60000 is not firewalled and can reach the server.

(By default, mosh uses a UDP port between 60000 and 61000. The -p option
selects a specific UDP port number.)

[mosh is exiting.]
```

Looks like a `pf` problem, I need to open the 60000:61000 port range.

So I read the pf man page and saw that ranges are defined with a colon:

```
Port 2000:2004 means ‘all ports ≥ 2000 and ≤ 2004’, hence ports 2000, 2001, 2002, 2003 and 2004.
```

So I defined:

`mosh_port = 60000:61000`

and the rule: `

But nothing works.

So I need your help or advice to configure, I suppose, `pf` to make mosh work for contacting my jails.

Thanks in advance

-- 
Jacques Foucry