Date:      Tue, 27 Feb 2018 11:30:54 +0000
From:      krad <kraduk@gmail.com>
To:        Peter Ludikovsky <peter@ludikovsky.name>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>, Kristof Provost <kristof@sigsegv.be>
Subject:   Re: UDP connections from NAT'ed jails
Message-ID:  <CALfReycc6D90fm_NctZrjLR69VKFGVa=bMQt58dmZC=QUpdTxw@mail.gmail.com>
In-Reply-To: <BF9D0686-A11D-4F4C-BFEF-38176E64F81B@ludikovsky.name>
References:  <8B3177FE-1FE5-4455-8F3C-CB5CE664B8C1@ludikovsky.name> <CB81FE3C-CA97-43DF-85D0-8C271C96DB9C@sigsegv.be> <6ADC216F-CD1E-4AFA-8E57-01E928BC2776@ludikovsky.name> <18932E8F-0FA3-4C0C-A507-3FB9AF9B8367@sigsegv.be> <BF9D0686-A11D-4F4C-BFEF-38176E64F81B@ludikovsky.name>

Just checking but do you need/want to run the jails in natted mode? I ask
as it's a lot simpler to set up jails with vimage and a bridged interface.

On 27 February 2018 at 09:07, Peter Ludikovsky <peter@ludikovsky.name>
wrote:

> No, nothing at all. But truss gave me the right idea: somehow a zero-width
> char got into resolv.conf, and the resolver defaulted to 127.0.0.1, which
> won't work (yet).
>
> Thanks for your help!
>
> Regards
> /peter
>
> On 27 February 2018 05:23:39 CET, Kristof Provost <
> kristof@sigsegv.be> wrote:
> >On 26 Feb 2018, at 20:20, Peter Ludikovsky wrote:
> >> With the adaptation on the VM:
> >>
> >>     [peter@doctor ~]$ sudo service pf reload
> >>     Reloading pf rules.
> >>     [peter@doctor ~]$ cat /etc/pf.conf
> >>     IP_PUB="10.0.2.15"
> >>     IP_JAIL="192.168.5.2"
> >>     NET_JAIL="192.168.5.0/24"
> >>     scrub in all
> >>     #set skip on lo
> >>     nat pass on em0 from $NET_JAIL to any -> $IP_PUB
> >>     pass out keep state
> >>     [peter@doctor ~]$ sudo pfctl -sn
> >>     nat pass on em0 inet from 192.168.5.0/24 to any -> 10.0.2.15
> >>     [peter@doctor ~]$ host pkg.freebsd.org
> >>     pkg.freebsd.org is an alias for pkgmir.geo.freebsd.org.
> >>     pkgmir.geo.freebsd.org has address 149.20.1.201
> >>     pkgmir.geo.freebsd.org has IPv6 address 2001:4f8:1:11::50:1
> >>
> >> No change in the jail.
> >>
> >> tcpdump on the host shows resolution happening for the jail-host, but
> >> nothing for the jail itself.
> >>
> >So you don’t see any UDP/DNS packets at all when the jail tries to
> >resolve a hostname?
> >That’s certainly odd.
> >
> >Does `truss host google.com` in the jail show anything interesting?
> >
> >Regards,
> >Kristof
> >_______________________________________________
> >freebsd-questions@freebsd.org mailing list
> >https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to
> >"freebsd-questions-unsubscribe@freebsd.org"
>
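
Added example (not part of any message in this thread): a Python check for the failure Peter describes, an invisible character in resolv.conf that leaves the resolver with no usable nameserver line. The function names, the constructed sample contents and the simplified line matching are assumptions made for illustration.

```python
import ipaddress
import sys
import unicodedata

# Constructed sample: line 1 starts with U+200B (zero width space), so the
# keyword is no longer the plain ASCII word "nameserver".
SAMPLE = "\u200bnameserver 192.168.5.1\nsearch example.org\n".encode("utf-8")


def audit_resolv_conf(data: bytes):
    """Return (findings, nameservers) for the raw bytes of a resolv.conf.

    findings: (line, column, "U+XXXX NAME") for each character that is not
    printable ASCII, a space or a tab.
    nameservers: addresses taken from well-formed nameserver lines.
    """
    findings, nameservers = [], []
    text = data.decode("utf-8", errors="replace")
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in " \t" or 0x21 <= ord(ch) <= 0x7E:
                continue
            name = unicodedata.name(ch, unicodedata.category(ch))
            findings.append((line_no, col, f"U+{ord(ch):04X} {name}"))
        # Simplified matching (an assumption, not the libc parser itself):
        # the keyword starts the line and is followed by a space or tab.
        if line.startswith(("nameserver ", "nameserver\t")):
            arg = line[len("nameserver"):].split()
            try:
                nameservers.append(str(ipaddress.ip_address(arg[0])))
            except (IndexError, ValueError):
                pass  # missing or malformed address: line is unusable
    return findings, nameservers


def effective_resolvers(data: bytes):
    """Servers that would be queried; with none configured the resolver
    falls back to 127.0.0.1, as reported in the message above."""
    return audit_resolv_conf(data)[1] or ["127.0.0.1"]


if __name__ == "__main__":
    # Pass a path (e.g. the jail's /etc/resolv.conf) or run on the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line_no, col, what in audit_resolv_conf(raw)[0]:
        print(f"line {line_no}, column {col}: {what}")
    print("resolver will query:", ", ".join(effective_resolvers(raw)))
```
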


