On 16/07/10 02.56, alexus wrote:
su-3.2# cat /etc/ipnat.rules
map fxp0 lama -> 0/32
rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp
What's that first rule supposed to do?
provides a NAT within jail
Just guessing, try to put the rdr rule first. Another thing, the
firewall/nat may be loaded before starting the jail and thus unaware of
interfaces etc assigned to the jail.
su-3.2# ifconfig
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
Where is this? this "su-3.2" is a bit confusing, would be useful to set your
hostname to "jail" within the jail...
su-3.2 is a host environment where jail is hosted
And from within the jail, what do you see? From what I understand
172.16.172.16 is the jail IP?
I think it is typical for jails to clone the loopback interface for this
setup.
not sure what you mean by this...
if you are referring to this statement as if you thought this is the jail
itself, then this is not the jail, this is the host environment (where the
jail is hosted)
Use tcpdump, you should see if your rdr/map rules work as expected. Also,
pfctl -ss and similar.
su-3.2# pfctl -ss
pfctl: /dev/pf: No such file or directory
su-3.2#
Ah, you use ipfilter?
i don't know how to use tcpdump, can you provide exact syntax so i can run it?
The man-page is excellent.
anyone?
If nobody replies, maybe try to rephrase your question, investigate further
and provide additional information rather than just repost.
i was under the impression that i pretty much covered all bases, or at
least i thought so ... apparently not...
Honestly, I don't have a clear picture of what works and what doesn't or
where. You haven't posted your jail config from rc.conf and you could
help by making it clear when running any command that this is in the
jail, jail# this is on the hosting system hostname# and this is the
client client# etc...
BR, Erik