On 15/07/10 21.17, alexus wrote:
On Wed, Jul 14, 2010 at 10:32 PM, alexus<[email protected]>  wrote:
I can't put my mind around it, before reboot I was able to ssh in from
outside to my jail and right now I can't!

What did you change?

su-3.2# cat /etc/ipnat.rules
map fxp0 lama ->  0/32
rdr fxp0 64.52.58.58 port ssh ->  lama port ssh tcp

What's that first rule supposed to do?

su-3.2# grep lama /etc/hosts
172.16.172.16           lama

su-3.2# ifconfig
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>  metric 0 mtu 1500
        options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:19:5b:68:9b:01
        inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
        media: Ethernet autoselect (none)
        status: no carrier
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  metric 0 mtu 1500
        options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
        ether 00:0f:fe:aa:f4:61
        inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
        media: Ethernet autoselect (100baseTX<full-duplex>)
        status: active

Where is this? This "su-3.2" is a bit confusing; it would be useful to set your hostname to "jail" within the jail...

I think it is typical for jails to clone the loopback interface for this setup.

su-3.2# jls
   JID  IP Address      Hostname                      Path
     1  172.16.172.16   lama                          /usr/jail/lama

and this is me from outside trying to ssh to my box and getting time out...

mp:~ alexus$ ssh -v jothost.com
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to jothost.com [64.52.58.58] port 22.
debug1: connect to address 64.52.58.58 port 22: Operation timed out
ssh: connect to host jothost.com port 22: Operation timed out

Use tcpdump, you should see if your rdr/map rules work as expected. Also, pfctl -ss and similar.

Can you ssh from the host system to the jail?

anyone?

If nobody replies, maybe try to rephrase your question, investigate further and provide additional information rather than just repost.

BR, Erik
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
