Hi Guys,
I have created my first jail, but replies to its IPv4 traffic never come back to the jail. Could you look at my configuration and point out where the problem might be? On the host machine, routing and DNS work fine. I use local_unbound as the DNS resolver for the host and the jail. There is no firewall on the host machine… [the rest of this sentence is cut off in the original post]
I have a Hyper-V virtual machine on which FreeBSD 12.2-RELEASE was installed. The kernel and system come from a clean installation and were not rebuilt.
Host config:
/etc/rc.conf
/etc/jail.conf
/etc/sysctl.conf - empty
/etc/resolv.conf
/etc/sysctl.conf - empty
/etc/resolv.conf -empty
Running tcpdump for ICMP on the host while the jail is pinging shows traffic in one direction only: none of the packets come back.
Could you advise how to adjust this configuration to fix the problem?
I have created my first jail, but replies to its IPv4 traffic never come back to the jail. Could you look at my configuration and point out where the problem might be? On the host machine, routing and DNS work fine. I use local_unbound as the DNS resolver for the host and the jail. There is no firewall on the host machine… [the rest of this sentence is cut off in the original post]
I have a Hyper-V virtual machine on which FreeBSD 12.2-RELEASE was installed. The kernel and system come from a clean installation and were not rebuilt.
Host config:
/etc/rc.conf
Code:
# Host /etc/rc.conf: DHCP on hn0 plus a /32 alias that the jail is bound to.
# NOTE(review): nothing in this file enables packet filtering, NAT or
# forwarding (no pf/ipfw/gateway_enable knobs), so traffic sourced from the
# alias leaves the host untranslated.
# NETWORKING
hostname="nucleus.pl"
## INTERFACES
# Primary address is leased via DHCP.
ifconfig_hn0="DHCP"
# Extra /32 address on the same NIC; /etc/jail.conf assigns it to the dlna jail.
ifconfig_hn0_alias0="inet 10.10.20.1 netmask 255.255.255.255"
# DAEMONS
## CRON
cron_enable="NO"
## SYSLOGD
# -ss: syslogd opens no network sockets, so it neither receives nor sends
# remote log messages.
syslogd_flags="-ss"
## UNBOUND
# Local caching resolver; /etc/resolv.conf on the host points at 127.0.0.1.
local_unbound_enable="YES"
## SSH
sshd_enable="YES"
##SENDMAIL
# All four knobs set to NO: no sendmail daemon, submission or queue runner.
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
##JAIL
# Start the jails defined in /etc/jail.conf at boot.
jail_enable="YES"
/etc/jail.conf
Code:
# Jail "dlna": shares the host network stack (no vnet parameter here) and is
# restricted to a single IPv4 address.
dlna {
host.hostname = dlna;
# Same address as the /32 alias configured on hn0 in the host's rc.conf.
# NOTE(review): 10.10.20.1 lies outside the host's 10.10.10.0/24 LAN. With no
# NAT on the host, packets leave hn0 with this source address; replies
# presumably have no route back unless the upstream router knows how to reach
# 10.10.20.1 -- confirm against the router's routing table.
ip4.addr = 10.10.20.1;
path = "/jails/dlna";
# Mount devfs on the jail's /dev.
mount.devfs;
# Run the exec.* commands in a clean environment instead of inheriting the
# caller's.
exec.clean;
# Lets root inside the jail create raw sockets, which ping and traceroute need.
# This widens what a compromised jail can do on the network, so keep it only
# if the jailed service requires it after debugging is finished.
allow.raw_sockets;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
/etc/resolv.conf
Code:
# Host resolver: queries go to the resolver listening on the loopback address
# (local_unbound is enabled in the host's rc.conf).
nameserver 127.0.0.1
Code:
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8051b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LRO,LINKSTATE>
ether 00:15:5d:02:03:02
inet 10.10.20.1 netmask 0xffffffff broadcast 10.10.20.1
inet 10.10.10.9 netmask 0xffffff00 broadcast 10.10.10.255
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Code:
ping google.com
PING google.com (142.250.75.14): 56 data bytes
64 bytes from 142.250.75.14: icmp_seq=0 ttl=121 time=7.653 ms
64 bytes from 142.250.75.14: icmp_seq=1 ttl=121 time=7.752 ms
64 bytes from 142.250.75.14: icmp_seq=2 ttl=121 time=8.000 ms
sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
nietykalny sshd 1659 3 tcp4 10.10.10.9:22 10.10.10.4:49719
root sshd 1656 3 tcp4 10.10.10.9:22 10.10.10.4:49719
root sshd 1438 4 tcp4 *:22 *:*
unbound local-unbo 1217 3 udp4 *:53 *:*
unbound local-unbo 1217 4 tcp4 *:53 *:*
kldstat
Id Refs Address Size Name
1 5 0xffffffff80200000 227ad00 kernel
2 1 0xffffffff8271a000 2698 intpm.ko
3 1 0xffffffff8271d000 b40 smbus.ko
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default RT-AX58U-B458 UGS hn0
10.10.10.0/24 link#2 U hn0
nucleus link#2 UHS lo0
10.10.20.1 link#2 UHS lo0
10.10.20.1/32 link#2 U hn0
localhost link#1 UH lo0
jls
JID IP Address Hostname Path
1 10.10.20.1 dlna /jails/dlna
Jail config:
/etc/rc.conf
Code:
# Jail /etc/rc.conf: no network configuration of its own (the address comes
# from ip4.addr in the host's /etc/jail.conf) and every listed daemon disabled.
# LOCAL SETTINGS
# Empty /tmp at startup.
clear_tmp_enable="YES"
# NOTE(review): crash-dump device selection is a host concern; this knob
# presumably has no effect inside a jail -- confirm.
dumpdev="AUTO"
# DAEMONS
## CRON
cron_enable="NO"
## SYSLOGD
# -ss: syslogd opens no network sockets.
syslogd_flags="-ss"
## UNBOUND
# No resolver runs inside the jail.
# NOTE(review): with the jail's /etc/resolv.conf empty, name resolution
# presumably falls back to the default local nameserver and reaches the host's
# unbound, which sockstat shows bound to *:53 -- confirm.
local_unbound_enable="NO"
## SSH
sshd_enable="NO"
##SENDMAIL
# All four knobs set to NO: no sendmail daemon, submission or queue runner.
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
/etc/resolv.conf -empty
Code:
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
groups: lo
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8051b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LRO,LINKSTATE>
ether 00:15:5d:02:03:02
inet 10.10.20.1 netmask 0xffffffff broadcast 10.10.20.1
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
Destination Gateway Flags Netif Expire
10.10.20.1 link#2 UHS lo0
ping google.com
PING google.com (216.58.215.78): 56 data bytes
^C
--- google.com ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
Code:
tcpdump icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on hn0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:42:51.667980 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 68, length 64
18:42:52.740581 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 69, length 64
18:42:53.813324 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 70, length 64
18:42:54.879759 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 71, length 64
18:42:55.939885 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 72, length 64
18:42:57.012495 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 73, length 64
18:42:58.085009 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 74, length 64
18:42:59.157627 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 75, length 64
18:43:00.230234 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 76, length 64
18:43:01.302856 IP 10.10.20.1 > waw02s16-in-f14.1e100.net: ICMP echo request, id 57350, seq 77, length 64