On Sat, Jul 17, 2010 at 7:51 AM, Erik Norgaard <norga...@locolomo.org> wrote:
> On 16/07/10 02.56, alexus wrote:
>
>>>>> su-3.2# cat /etc/ipnat.rules
>>>>> map fxp0 lama -> 0/32
>>>>> rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp
>>>
>>> What's that first rule supposed to do?
>>
>> provides NAT within the jail
>
> Just guessing, try to put the rdr rule first. Another thing, the
> firewall/nat may be loaded before starting the jail and thus unaware of
> interfaces etc assigned to the jail.
tried switching rules - didn't help
tried restarting ipnat after everything is started

>>>>> su-3.2# ifconfig
>>>>> vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>>>         inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>>>>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>>>         inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
>>>
>>> Where is this? This "su-3.2" is a bit confusing; it would be useful to set
>>> your hostname to "jail" within the jail...
>>
>> su-3.2 is the host environment where the jail is hosted
>
> And from within the jail, what do you see? From what I understand
> 172.16.172.16 is the jail IP?

from the host's rc.conf:

su-3.2# grep ^jail /etc/rc.conf
jail_enable="YES"
jail_lama_devfs_enable="YES"
jail_lama_hostname="lama"
jail_lama_ip="172.16.172.16"
jail_lama_rootdir="/usr/jail/lama"
jail_list="lama"
su-3.2#

this is within the jail:

-bash-3.2$ ifconfig
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:19:5b:68:9b:01
        inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
        media: Ethernet autoselect (none)
        status: no carrier
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
        ether 00:0f:fe:aa:f4:61
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
-bash-3.2$

>>> I think it is typical for jails to clone the loopback interface for this
>>> setup.
>>
>> not sure what you mean by this...
>> if you're referring to this statement as if you thought this is the jail itself,
>> then this is not the jail, this is the host environment (where the jail is hosted)
>
>>> Use tcpdump, you should see if your rdr/map rules work as expected. Also,
>>> pfctl -ss and similar.
>>
>> su-3.2# pfctl -ss
>> pfctl: /dev/pf: No such file or directory
>> su-3.2#
>
> Ah, you use ipfilter?

yes, I use ipfilter & ipnat

su-3.2# grep ^ip /etc/rc.conf
ipfilter_enable="YES"
ipmon_enable="YES"
ipnat_enable="YES"
su-3.2#

>> I don't know how to use tcpdump, can you provide exact syntax so I can run
>> it?
>
> The man-page is excellent.

tried that, unfortunately I'm not really sure what I am doing.. still

>>> anyone?
>>>
>>> If nobody replies, maybe try to rephrase your question, investigate
>>> further and provide additional information rather than just repost.
>>
>> I was under the impression that I pretty much covered all bases, or at
>> least I thought so ... apparently not...
>
> Honestly, I don't have a clear picture of what works and what doesn't or
> where. You haven't posted your jail config from rc.conf and you could help
> by making it clear when running any command that this is in the jail (jail#),
> this is on the hosting system (hostname#) and this is the client (client#)
> etc...
>
> BR, Erik

lama is the jail environment (see rc.conf output from earlier)
su-3.2 is the host environment

any other questions? please just ask, I'll provide you with whatever information is needed

thanks again

--
http://alexus.org/

freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
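As an added example that is not part of the thread, the POSIX shell script below performs the two checks the discussion circles around: that the rdr rule's destination (the name "lama") actually resolves on the host to the address configured for the jail in rc.conf, and whether the rdr rule precedes the map rule as Erik suggested. It also prints the tcpdump invocation that was asked for, to watch the forwarded port on the outside interface. All inputs are constructed text modelled on the quoted configuration (the hosts-file content and the absence of jail_lama_devfs_enable/rootdir are assumptions); on a real host you would feed it /etc/ipnat.rules, /etc/rc.conf and /etc/hosts.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for an ipnat rdr rule
# that forwards a port on the host to a jail. The inputs below are
# constructed text modelled on the configuration quoted in the thread.

SAMPLE_RULES='map fxp0 lama -> 0/32
rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp'

# The same two rules with rdr first, the ordering suggested in the thread.
SAMPLE_RULES_REORDERED='rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp
map fxp0 lama -> 0/32'

SAMPLE_RCCONF='jail_enable="YES"
jail_lama_hostname="lama"
jail_lama_ip="172.16.172.16"
jail_list="lama"'

# Constructed hosts-file content (assumption: this is how "lama" resolves).
SAMPLE_HOSTS='127.0.0.1 localhost
172.16.172.16 lama'

# jail_ip NAME RCCONF_TEXT: print the value of jail_NAME_ip.
jail_ip() {
    printf '%s\n' "$2" | sed -n "s/^jail_$1_ip=\"\([^\"]*\)\".*/\1/p"
}

# rdr_target RULES_TEXT: print the host after "->" in the first rdr rule.
rdr_target() {
    printf '%s\n' "$1" |
        awk '$1 == "rdr" { for (i = 1; i < NF; i++) if ($i == "->") { print $(i + 1); exit } }'
}

# resolve_host NAME HOSTS_TEXT: look NAME up in hosts-file formatted text.
# A name used in a rule has to resolve on the host when the rule file is
# loaded; a name that resolves to the wrong address silently breaks the rule.
resolve_host() {
    printf '%s\n' "$2" |
        awk -v n="$1" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }'
}

# rdr_before_map RULES_TEXT: succeed if the first rdr line precedes the first map line.
rdr_before_map() {
    printf '%s\n' "$1" |
        awk 'BEGIN { r = 0; m = 0 }
             $1 == "rdr" && !r { r = NR }
             $1 == "map" && !m { m = NR }
             END { exit (r && (m == 0 || r < m)) ? 0 : 1 }'
}

# check_rdr JAIL RULES_TEXT RCCONF_TEXT HOSTS_TEXT: succeed if the rdr
# destination is (or resolves to) the address configured for JAIL.
check_rdr() {
    want=$(jail_ip "$1" "$3")
    tgt=$(rdr_target "$2")
    case "$tgt" in
        *[!0-9.]*) got=$(resolve_host "$tgt" "$4") ;;   # a name: resolve it
        *)         got=$tgt ;;                           # already an address
    esac
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# suggest_capture IFACE PORT: the tcpdump invocation to watch the forwarded
# traffic arrive on the outside interface (run on the host, not in the jail).
suggest_capture() {
    printf 'tcpdump -n -i %s tcp port %s\n' "$1" "$2"
}

# Report on the constructed sample.
if check_rdr lama "$SAMPLE_RULES" "$SAMPLE_RCCONF" "$SAMPLE_HOSTS"; then
    echo "ok: rdr target resolves to the jail address"
else
    echo "problem: rdr target does not resolve to the jail address"
fi
if rdr_before_map "$SAMPLE_RULES"; then
    echo "ok: rdr rule precedes map rule"
else
    echo "note: map rule precedes rdr rule; try moving rdr first"
fi
echo "verify on the wire with: $(suggest_capture fxp0 22)"
```

With the sample as quoted in the thread the script reports the map-before-rdr ordering; swapping the two files' contents shows the reordered version passing. The capture command is the one to run on the host while attempting the ssh connection from outside: packets arriving on fxp0 port 22 but nothing appearing with the jail address as destination points at the NAT rule, whereas no packets at all points at the path before the host.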