Date:      Thu, 15 Jul 2010 20:56:51 -0400
From:      alexus <alexus@gmail.com>
To:        Erik Norgaard <norgaard@locolomo.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipnat.conf - map and rdr won't work!
Message-ID:  <AANLkTin6hYyHiG8taifkNHPBtKI0rKOkAaGRYodV1LLC@mail.gmail.com>
In-Reply-To: <4C3F91CF.5090206@locolomo.org>
References:  <AANLkTilVTo36Fzdh2DKAQhRjyDj8MNUuV9dhwvQ7Gf-V@mail.gmail.com> <AANLkTinh0CykJ1Av3f2THPDFOLS0YtYLDvRMHXm_wD3w@mail.gmail.com> <4C3F91CF.5090206@locolomo.org>

On Thu, Jul 15, 2010 at 6:55 PM, Erik Norgaard <norgaard@locolomo.org> wrote:
> On 15/07/10 21.17, alexus wrote:
>>
>> On Wed, Jul 14, 2010 at 10:32 PM, alexus <alexus@gmail.com> wrote:
>>>
>>> I can't put my mind around it, before reboot I was able to ssh in from
>>> outside to my jail and right now I can't!
>
> What did you change?

as far as I know nothing was changed, that's why I can't wrap my mind
around why it stopped working all of a sudden; I have rebooted my
box in the past, yet everything was working as expected.

>>> su-3.2# cat /etc/ipnat.rules
>>> map fxp0 lama -> 0/32
>>> rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp
>
> What's that first rule supposed to do?

provides NAT within the jail

>>> su-3.2# grep lama /etc/hosts
>>> 172.16.172.16           lama
>
>>> su-3.2# ifconfig
>>> vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>         options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
>>>         ether 00:19:5b:68:9b:01
>>>         inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>>>         media: Ethernet autoselect (none)
>>>         status: no carrier
>>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>         options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
>>>         ether 00:0f:fe:aa:f4:61
>>>         inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
>>>         media: Ethernet autoselect (100baseTX <full-duplex>)
>>>         status: active
>
> Where is this? this "su-3.2" is a bit confusing, would be useful to set your
> hostname to "jail" within the jail...

su-3.2 is a host environment where jail is hosted

> I think it is typical for jails to clone the loopback interface for this
> setup.

not sure what you mean by this...
if you are referring to this statement as if you thought this is the jail itself,
then this is not the jail, this is the host environment (where the jail is hosted)

>>> su-3.2# jls
>>>    JID  IP Address      Hostname                      Path
>>>      1  172.16.172.16   lama                          /usr/jail/lama
>>>
>>> and this is me from outside trying to ssh to my box and getting time
>>> out...
>>>
>>> mp:~ alexus$ ssh -v jothost.com
>>> OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>>> debug1: Reading configuration data /etc/ssh_config
>>> debug1: Connecting to jothost.com [64.52.58.58] port 22.
>>> debug1: connect to address 64.52.58.58 port 22: Operation timed out
>>> ssh: connect to host jothost.com port 22: Operation timed out
>
> Use tcpdump, you should see if your rdr/map rules work as expected. Also,
> pfctl -ss and similar.

su-3.2# pfctl -ss
pfctl: /dev/pf: No such file or directory
su-3.2#

I don't know how to use tcpdump; can you provide the exact syntax so I can run it?
whenever I try to ssh from outside, ipnat -l shows the following (last line
under active sessions):

su-3.2# ipnat -l
List of active MAP/Redirect filters:
map fxp0 172.16.172.16/32 -> 0.0.0.0/32
rdr fxp0 64.52.58.58/32 port 22 -> 172.16.172.16 port 22 tcp

List of active sessions:
RDR 172.16.172.16   22    <- -> 64.52.58.58     22    [24.190.74.126 50715]
su-3.2#


> Can you ssh from the host system to the jail?

yes, it takes a bit long, but that's because the map rule inside of
ipnat.conf isn't working either, just as rdr doesn't work

>> anyone?
>
> If nobody replies, maybe try to rephrase your question, investigate further
> and provide additional information rather than just repost.

I was under the impression that I had pretty much covered all the bases, or at
least I thought so ... apparently not...

but if you do feel that you need any additional information, I'll be
more than happy to provide it for you.

thanks in advance

> BR, Erik
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>



-- 
http://alexus.org/
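
The script below is an added example, not part of the thread above and not anything either poster ran. It does two things a practitioner would want at this point: it reads the "List of active sessions" block of `ipnat -l` (the sample embedded here is a copy of the output shown in the thread) and prints each RDR session as "peer -> public address, redirected to jail address", so it is obvious that the redirect entry was created for the outside client; and it prints the tcpdump invocation that shows both legs of the redirect on the external interface. Because BPF taps inbound packets before IP Filter's input hook and outbound packets after its output hook, a capture on fxp0 filtered on both the public and the jail address shows the client's SYN to 64.52.58.58 and, if the jail's sshd answers, the SYN-ACK leaving with either 64.52.58.58 (reverse translation applied) or 172.16.172.16 (reverse translation missing) as its source. The interface, addresses and port are taken from the thread; the `0/32` target in the map rule, which `ipnat -l` prints as `0.0.0.0/32`, is documented in ipnat.conf(5) as "use the interface's current address" and is not by itself a sign of a broken rule. Nothing here asserts what actually broke on the poster's host.

```shell
#!/bin/sh
# Added example (not from the original thread). Interprets `ipnat -l`
# session lines and prints the tcpdump command that shows both legs of an
# rdr to a jail address. Values below are copied from the thread.

EXT_IF=fxp0
EXT_IP=64.52.58.58
JAIL_IP=172.16.172.16
PORT=22

# Constructed sample: the `ipnat -l` output exactly as posted in the thread.
SAMPLE_IPNAT_L='List of active MAP/Redirect filters:
map fxp0 172.16.172.16/32 -> 0.0.0.0/32
rdr fxp0 64.52.58.58/32 port 22 -> 172.16.172.16 port 22 tcp

List of active sessions:
RDR 172.16.172.16   22    <- -> 64.52.58.58     22    [24.190.74.126 50715]'

# rdr_sessions: read `ipnat -l` text on stdin and emit one line per RDR
# session in the form
#   <peer>:<peer-port> -> <public>:<port> redirected to <jail>:<port>
# Field layout of a session line (whitespace separated):
#   RDR <jail_ip> <jail_port> <- -> <public_ip> <public_port> [<peer_ip> <peer_port>]
rdr_sessions() {
    awk '
        /^RDR/ {
            peer = $8;  sub(/^\[/, "", peer)
            pport = $9; sub(/\]$/, "", pport)
            printf "%s:%s -> %s:%s redirected to %s:%s\n", peer, pport, $6, $7, $2, $3
        }'
}

# tcpdump_filter: BPF expression selecting the SSH port on either the public
# address (client SYN as it arrives, pre-NAT) or the jail address (a reply
# leaving with the jail address as source means the reverse translation
# did not happen).
tcpdump_filter() {
    printf 'tcp port %s and (host %s or host %s)' "$PORT" "$EXT_IP" "$JAIL_IP"
}

# show_capture_command: print the capture to run on the host while an
# outside client retries ssh. It only prints; nothing is executed.
show_capture_command() {
    cat <<EOF
# Run on the host, then retry ssh from outside. Expected if the rdr works end
# to end: SYN to $EXT_IP.$PORT, then SYN-ACK from $EXT_IP.$PORT. A SYN-ACK
# from $JAIL_IP.$PORT instead means the reply was not translated back; no
# reply at all means the packet never reached a listening sshd in the jail
# (check with: jexec into the jail and run sockstat -4l).
tcpdump -n -i $EXT_IF '$(tcpdump_filter)'
EOF
}

printf '%s\n' "$SAMPLE_IPNAT_L" | rdr_sessions
show_capture_command
```

Running the script as-is only parses the embedded sample and prints the capture command; on the host in question you would feed it live output with `ipnat -l | rdr_sessions` after sourcing the file, and run the printed tcpdump line in a second terminal while the outside client retries.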


