https://www.openbsd.org/faq/current.html#r20180613b
I can respond in more detail when I’m back online later this week.

Reyk

> On 16.07.2018 at 20:29, Ax0n <a...@h-i-r.net> wrote:
>
> On Mon, Jul 16, 2018 at 4:56 AM, Rickard von Essen <
> rickard.von.es...@gmail.com> wrote:
>
>> It looks like cloud-init in the VM can't even reach 169.254.169.254. Does
>> it have routing to get there? Is there a fw blocking the calls from the VM
>> to 169.254.169.254?
>>
>
> I don't think so. This is my pf.conf (n.b. it's mostly just additional
> stuff so that I can access the permanently-configured VMs through the NAT)
>
> # $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
> #
> # See pf.conf(5) and /etc/examples/pf.conf
> ext_if="athn0"
> #ext_if="bge0"
> vmd_if="vether0"
>
> set skip on lo
>
> block return # block stateless traffic
> pass # establish keep-state
>
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
>
> # vmm setup: outbound nat, inbound port mapping
> match out on $ext_if inet from $vmd_if:network to any nat-to ($ext_if)
> pass in on $ext_if proto tcp from any to any port 2200 rdr-to 10.13.37.200 port 22
> pass in on $ext_if proto tcp from any to any port 2201 rdr-to 10.13.37.201 port 22
> pass in on $ext_if proto tcp from any to any port 2202 rdr-to 10.13.37.202 port 22
> pass in on $ext_if proto tcp from any to any port 2203 rdr-to 10.13.37.203 port 22
> pass in on $ext_if proto tcp from any to any port 2204 rdr-to 10.13.37.204 port 22
> pass in on $ext_if proto tcp from any to any port 8000 rdr-to 10.13.37.200 port 80
> pass in on $ext_if proto tcp from any to any port 8001 rdr-to 10.13.37.201 port 80
> pass in on $ext_if proto tcp from any to any port 8002 rdr-to 10.13.37.202 port 80
> pass in on $ext_if proto tcp from any to any port 8003 rdr-to 10.13.37.203 port 80
>
> So that you can get a feel for my setup:
> vether0 is static-configured 10.13.37.1 255.255.255.0. dhcpd is bound only
> to vether0 (to assign a mix of reserved and pool IPs to VMM guests) and
> vether0 is added to bridge0 at boot via hostname.bridge0.
>
> bridge0 is tied to the "local" switch in vm.conf, and that's what all of my
> VMs connect to.
>
>
>> On Mon, Jul 16, 2018 at 12:20 PM, <ed...@pettijohn-web.com> wrote:
>>
>>
>> I thought it was:
>>
>> root "/" strip 1
>>
>> No curlies and no comma, but I haven't tried it.
>>
>>
> httpd doesn't like that syntax, either:
>
> [axon@transient ~]$ doas httpd -d
> startup
> /etc/httpd.conf:16: syntax error
> logger exiting, pid 63722
> server exiting, pid 24069
> server exiting, pid 34562
> server exiting, pid 69335
> [axon@transient ~]$ cat -n /etc/httpd.conf
>      1  ext_addr="*"
>      2  server "default" {
>      3          root "/htdocs/"
>      4          directory auto index
>      5          listen on $ext_addr port 80
>      6  }
>      7
>      8  # Include MIME types instead of the built-in ones
>      9  types {
>     10          include "/usr/share/misc/mime.types"
>     11  }
>     12
>     13  server "meta-data" {
>     14          listen on 169.254.169.254 port 80
>     15          fastcgi socket "/run/httpd.sock"
>     16          root "/" strip 1
>     17  }
>     18