Hello, I am trying to run a mailserver (postfix, dovecot, roundcube) from within a jail. I am trying to `telnet localhost 25` from within a jail to test postfix. My pf conf is preventing this, as I can disable pf and it will work. I can also add `set skip on lo1` and that works, but breaks some other things I have going on. How do I configure pf to allow local telnet from within the jail? (Roundcube also cannot connect to the db on localhost, but one problem at a time. I have not included that part here or the config. Plus, I think it might be the same problem. Hopefully the same fix will work for both.) If anyone has some advice I would appreciate it!
The relevant config is below:

rc.conf:
Code:
cloned_interfaces="lo1"
ipv4_addrs_lo1="192.168.0.1-9/29"

ifconfig (within jail):
Code:
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 192.168.0.8 netmask 0xffffffff
        groups: lo

jail.conf:
Code:
mail {
    host.hostname = mail;
    ip4.addr = "192.168.0.8";
    interface = "lo1";
    path = "/jails/mail";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}

pf.conf: # I have removed ports/ & additional conf for other things to reduce clutter
Code:
IP_PUB="[REDACTED]"
IP_MAIL="192.168.0.8" # jail for mail
NET_JAIL="192.168.0.0/24"
MAIN_PORT="{ssh}"
PORT_MAIL="{25, 110, 143, 465, 587, 993, 995, 8090, 3306}"
scrub in all
nat pass on vtnet0 from $NET_JAIL to any -> $IP_PUB
#rdr pass on vtnet0 proto tcp from any to 0.0.0.0 port 25 -> $IP_MAIL
rdr pass on vtnet0 proto tcp from any to $IP_PUB port $PORT_MAIL -> $IP_MAIL
block in all
pass in proto tcp to port $MAIN_PORT
pass out all keep state