Re: iocage, vnet jail does not go outside
Date: Fri, 23 Jul 2021 18:04:41 UTC
On Friday 23 Jul 2021 at 19:51:42 (+0200), Michael Gmelin wrote:

Hello Michael,

> You need to enable some sort of NAT at your end, e.g. using pf. Traffic
> is leaving your host on a private IP.

I forgot to post the part of my pf.conf, you're right. I enabled a NAT (maybe in a wrong way):

ext_if = em0
int_if = "{lo0 lo1}"
bridge_if = bridge0
icmp_types="{ echoreq, unreach }"

# ok loopback
set skip on lo0
set skip on lo1
#set skip on bridge0

# define jails
jails_net = "{192.168.12.0/24 10.0.10.0/24 2a01:4f9:4a:1fd8::/64}"
…
# nat
nat on $ext_if from $jails_net to any -> $ext_if
…
# ExampleJail
rdr on $ext_if inet proto tcp from any to $ext_if port $examplejail_ports -> $examplejail_v4
rdr on $ext_if inet6 proto tcp from any to $ext_if port $examplejail_ports -> $examplejail_v6
…
pass in log quick on $ext_if proto tcp from any to $examplejail_v4 port $examplejail_ports flags S/SA keep state
pass in log quick on $ext_if proto tcp from any to $examplejail_v6 port $examplejail_ports
…
# Allow icmp
pass in inet proto icmp all icmp-type $icmp_types

#IPv6 - pass in/out all IPv6 ICMP traffic
pass in quick proto icmp6 Allow

Is there something wrong or missing?

I was guessing that the NAT is correct because I can connect from outside (IPv4 and IPv6) to this jail.

Thanks again for your time.

-- 
Jacques Foucry