From: Odhiambo Washington
Date: Tue, 17 Oct 2023 19:14:57 +0300
Subject: Re: Running a webserver inside a bhyve host and exposing it to the world via PF
To: Paul Procacci
Cc: freebsd-virtualization@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

On Tue, Oct 17, 2023 at 6:03 PM Paul Procacci wrote:
>
> On Tue, Oct 17, 2023 at 10:01 AM Odhiambo Washington wrote:
>
>> I am stuck on how I can achieve this.
>> I have a Linux VM running under bhyve. I have installed a webserver
>> running on port 80 that I'd like to expose to the outside world.
>> I am unable to figure out how to achieve this with PF running on the host
>> machine.
>>
>> 1. I am able to access my VM using VNC Viewer
>> 2. My VM is able to access the Internet
>> 3. I am NOT able to ping my VM from the host
>> 4. I am unable to SSH into the VM from the host.
>>
>> My hunch tells me it's about my PF.conf, but is there a guide somewhere
>> on achieving the above?
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>> [How to ask smart questions:
>> http://www.catb.org/~esr/faqs/smart-questions.html]
>
> Care to share what you tried with your PF.conf?
>
> It should be something as simple as:
> rdr on <interface> proto tcp from <source host> to <physical host> port <physical port> -> <internal host> port <internal port>

What I have is:

rdr pass on $ext_if inet proto tcp from any to any port { 8081, 8999 } -> 172.16.0.3 port 80

I have stumbled upon something that I need to figure out first. Not sure if
I am making some obvious mistake.
I am running dnsmasq to dish out IPs and DNS to the VMs.
If I let a VM get an IP via DHCP, I am able to ping it from the host and
even access services on it.
However, if I assign an IP to the VM manually, I am not able to ping or
access a service on it from the host.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
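For reference, here is a complete /etc/pf.conf in the shape the thread is circling around: the rdr rule Paul sketched and Odhiambo posted, together with the NAT, filter and forwarding pieces that have to be in place before a port redirect to a bhyve guest works from both the outside and the host. This is an added example, not a configuration from either poster. The interface names (vtnet0 as the uplink, bridge0 as the bridge the guest's tap interface is attached to), the guest subnet 172.16.0.0/24 and the host-side bridge address 172.16.0.1 are assumptions; the guest address 172.16.0.3 and the ports 8081 and 8999 come from the rule posted above. The redirect is narrowed from "to any" to the uplink's own address, which is the tighter form of the same rule.

```pf
# /etc/pf.conf -- added example, not the thread's own configuration.
# Interface names, subnet and bridge address are assumptions; check them
# against `ifconfig` on the host before loading.
ext_if    = "vtnet0"            # uplink carrying the public address (assumption)
vm_if     = "bridge0"           # bridge holding the guest's tap interface (assumption)
vm_net    = "172.16.0.0/24"     # guest subnet served by dnsmasq (assumption)
vm_gw     = "172.16.0.1"        # host's address on the bridge (assumption)
web_vm    = "172.16.0.3"        # guest running the webserver, as in the posted rule
web_ports = "{ 8081, 8999 }"    # public ports, as in the posted rule

set skip on lo0

# Outbound NAT so guests reach the Internet (the poster reports this part
# already works). The parenthesised interface tracks address changes.
nat on $ext_if inet from $vm_net to any -> ($ext_if)

# Port redirect. "rdr pass" both rewrites the destination and lets the
# matching packet through without consulting the filter rules below, so
# no separate "pass in" rule is needed for this traffic. Matching on the
# uplink's own address, rather than "any", keeps the redirect from
# applying to traffic that is merely transiting the interface.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port $web_ports -> $web_vm port 80

# Default deny, then allow only what is needed.
block log all

pass out quick on $ext_if keep state
pass in on $ext_if inet proto tcp to ($ext_if) port ssh keep state

# Host <-> guest traffic across the bridge. With "block log all" in place,
# the ping and SSH tests the poster describes fail unless the bridge is
# allowed explicitly; this rule is later in the file, so it wins.
pass on $vm_if

# Not pf, but required for the redirected packets to be forwarded from
# the uplink to the bridge: gateway_enable="YES" in /etc/rc.conf, which
# sets net.inet.ip.forwarding=1.
#
# A hand-configured guest must use an address inside $vm_net, the same
# netmask, and $vm_gw as its default gateway (what dnsmasq hands out);
# otherwise the host has no route to it and neither ping nor rdr reach it.
```

Check the file with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf. pfctl -sn lists the NAT and rdr rules actually in effect, pfctl -sr the filter rules, and pfctl -ss the states; tcpdump -ni bridge0 port 80 shows whether a redirected connection is arriving on the bridge at all, which separates a pf problem from a guest addressing problem.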