There are a lot of threads here, and elsewhere, dealing with this issue in its various forms. I've tried to adapt the suggestions in these three threads, with no success:
http://forums.freebsd.org/showthread.php?t=10565
http://forums.freebsd.org/showthread.php?t=38351
http://forums.freebsd.org/showthread.php?t=17172
I have sshd running on port 2022 in the jail, and on port 22 in the host environment. Both are only bound to their respective IP addresses (host: 192.168.1.4, jail: 192.168.0.1.) I want to forward port 2022 from the host to 2022 in the jail.
/etc/rc.conf (with the irrelevant things removed):
Code:
ifconfig_re0="DHCP"
sshd_enable="YES"
ntpd_enable="YES"
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pf.conf (the second rule is there just to see if it works from the host to itself):
Code:
nat pass on re0 inet proto tcp from any to 192.168.1.4 port 2022 -> 192.168.0.1 port 2022
nat pass on re0 inet proto tcp from any to 192.168.1.4 port 3022 -> 192.168.1.4 port 22
pass in all
pass out all
ifconfig re0 (jail sets up the alias 192.168.0.1):
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether XX:XX:XX:XX:XX:XX
	inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
	inet 192.168.0.1 netmask 0xffffffff broadcast 192.168.0.1
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	maclabel biba/equal(equal-equal),mls/low(low-low)
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
sudo pfctl -sa -P also shows the two forwarding rules. ssh 192.168.1.4 -p 2022 and ssh 192.168.1.4 -p 3022 both fail, however (the latter isn't important; it's just there for additional debugging.) I get an immediate "Connection refused", which to me means nothing is there to receive the connection.
I don't really have experience with routing and firewall configuration, so I'm not sure if there's a problem with my network configuration, with my jail, or with something else (like MAC, which I have enabled.) In any case, it obviously doesn't work from the host to itself, either, so I'm guessing I missed an important configuration step somewhere.
I also tried natd, but that wasn't helpful and I couldn't figure out how to show the status of what it was forwarding.
Thanks!
Kevin Barry
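An added example, not part of the original post: in pf's translation syntax, nat rewrites the source address of packets leaving an interface, while forwarding an inbound port to another address is done with rdr. The fragment below reuses the post's interface and addresses; the macro names are assumptions, and the rest of the ruleset is left to local policy.

```conf
# /etc/pf.conf fragment (added example, not the poster's configuration)
# Macro names are assumptions; values are taken from the post.
ext_if  = "re0"
host_ip = "192.168.1.4"
jail_ip = "192.168.0.1"

# As posted: nat changes the SOURCE of outbound packets, so an inbound
# connection to $host_ip port 2022 is never redirected. It reaches the
# host's own address, where nothing listens on 2022, and is refused.
#   nat pass on re0 inet proto tcp from any to 192.168.1.4 port 2022 -> 192.168.0.1 port 2022

# Redirect: rewrite the DESTINATION of inbound packets to the jail.
# Written without "pass" so the filter rules below still decide
# whether the redirected connection is allowed.
rdr on $ext_if inet proto tcp from any to $host_ip port 2022 -> $jail_ip port 2022

# Filter rules are evaluated after translation, so the rule matches
# the jail address rather than the host address.
pass in on $ext_if inet proto tcp from any to $jail_ip port 2022

# Caveat: a connection from the host to its own address travels over
# lo0, not $ext_if, so this rdr does not match it. Test the forward
# from another machine on the network.
```

The file can be syntax-checked with pfctl -nf /etc/pf.conf before loading, and pfctl -s nat lists the translation rules that are actually loaded.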