On Thu, Jul 15, 2010 at 6:55 PM, Erik Norgaard <norga...@locolomo.org> wrote:
> On 15/07/10 21.17, alexus wrote:
>>
>> On Wed, Jul 14, 2010 at 10:32 PM, alexus<ale...@gmail.com> wrote:
>>>
>>> I can't put my mind around it, before reboot I was able to ssh in from
>>> outside to my jail and right now I can't!
>
> What did you change?

as far as I know nothing was changed, that's why I can't wrap my mind around why it stopped working all of a sudden, and I rebooted my box in the past yet everything was working as expected.

>>> su-3.2# cat /etc/ipnat.rules
>>> map fxp0 lama -> 0/32
>>> rdr fxp0 64.52.58.58 port ssh -> lama port ssh tcp
>
> What's that first rule supposed to do?

provides a NAT within jail

>>> su-3.2# grep lama /etc/hosts
>>> 172.16.172.16 lama
>
>>> su-3.2# ifconfig
>>> vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
>>> 0 mtu 1500
>>>         options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
>>>         ether 00:19:5b:68:9b:01
>>>         inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>>>         media: Ethernet autoselect (none)
>>>         status: no carrier
>>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>>> 1500
>>>         options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
>>>         ether 00:0f:fe:aa:f4:61
>>>         inet 64.52.58.58 netmask 0xffffffe0 broadcast 64.52.58.63
>>>         media: Ethernet autoselect (100baseTX<full-duplex>)
>>>         status: active
>
> Where is this? this "su-3.2" is a bit confusing, would be useful to set your
> hostname to "jail" within the jail...

su-3.2 is a host environment where jail is hosted

> I think it is typical for jails to clone the loopback interface for this
> setup.

not sure what you mean by this... if you are referring to this statement as if you thought this is the jail itself, then this is not the jail, this is the host environment (where the jail is hosted)

>>> su-3.2# jls
>>>    JID  IP Address      Hostname      Path
>>>      1  172.16.172.16   lama          /usr/jail/lama
>>>
>>> and this is me from outside trying to ssh to my box and getting time
>>> out...
>>>
>>> mp:~ alexus$ ssh -v jothost.com
>>> OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
>>> debug1: Reading configuration data /etc/ssh_config
>>> debug1: Connecting to jothost.com [64.52.58.58] port 22.
>>> debug1: connect to address 64.52.58.58 port 22: Operation timed out
>>> ssh: connect to host jothost.com port 22: Operation timed out
>
> Use tcpdump, you should see if your rdr/map rules work as expected. Also,
> pfctl -ss and similar.

su-3.2# pfctl -ss
pfctl: /dev/pf: No such file or directory
su-3.2#

I don't know how to use tcpdump, can you provide exact syntax so I can run it?

whenever I try to ssh from outside, ipnat -l shows the following (last line under active sessions):

su-3.2# ipnat -l
List of active MAP/Redirect filters:
map fxp0 172.16.172.16/32 -> 0.0.0.0/32
rdr fxp0 64.52.58.58/32 port 22 -> 172.16.172.16 port 22 tcp

List of active sessions:
RDR 172.16.172.16 22 <- -> 64.52.58.58 22 [24.190.74.126 50715]
su-3.2#

> Can you ssh from the host system to the jail?

yes, it takes a bit long, but that's due to the map rule inside of ipnat.conf not working either, as rdr doesn't work

>> anyone?
>
> If nobody replies, maybe try to rephrase your question, investigate further
> and provide additional information rather than just repost.

I was under the impression that I pretty much covered all bases, or at least I thought so... apparently not... but if you do feel that you need any additional information I'll be more than happy to provide it for you.

thanks in advance

> BR, Erik
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>

--
http://alexus.org/