I have three jails configured with sysutils/ezjail, two of which have /etc/resolve.conf files and can access the network in the usual way, including DNS lookups. The third jail has no DNS lookup and no /etc/resolve.conf file. I tried copying the file from another jail and service resolv restart and then restarting the jail to no avail.
Both working and non-working jails gave identical results with an abortive ssh on existent and non-existent hosts:
Code:
root@mailin:~ # ssh -l xxxx 10.0.2.100
The authenticity of host '10.0.2.100 (10.0.2.100)' can't be established.
ECDSA key fingerprint is 9e:16:3e:e5:75:67:55:7a:1f:bf:06:5d:36:79:64:e9.
Are you sure you want to continue connecting (yes/no)? n
Please type 'yes' or 'no': no
Host key verification failed.
root@mailin:~ # ssh -l xxxx 10.0.2.111
ssh: connect to host 10.0.2.111 port 22: Operation timed out
root@mailin:~ #
Code:
root@diversediversity:~ # ssh -l xxxx 10.0.2.100
The authenticity of host '10.0.2.100 (10.0.2.100)' can't be established.
ECDSA key fingerprint is 9e:16:3e:e5:75:67:55:7a:1f:bf:06:5d:36:79:64:e9.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
root@diversediversity:~ # ssh -l xxxx 10.0.2.111
ssh: connect to host 10.0.2.111 port 22: Operation timed out
root@diversediversity:~ #
As the host 10.0.2.100 which does exist doesn't allow password log-in and the jails do not have keys I did not want to proceed further, but this suggests to me that some network communication is possible and the problem is mainly with DNS.
ifconfig gives identical results, except for the IP addresses for lo1 for the jails.
Here is the pf set up on the parent machine:
Code:
TRANSLATION RULES:
nat on em0 inet from 127.0.1.1 to any -> (em0) round-robin
nat on em0 inet from 127.0.1.2 to any -> (em0) round-robin
nat on em0 inet from 127.0.1.3 to any -> (em0) round-robin
nat on em0 inet from 127.0.1.4 to any -> (em0) round-robin
nat on em0 inet from 127.0.1.5 to any -> (em0) round-robin
rdr pass on em0 inet proto tcp from any to any port = http -> 127.0.1.1 port 80
rdr pass on em0 inet proto tcp from any to any port = https -> 127.0.1.1 port 443
rdr pass on em0 inet proto tcp from any to any port = smtp -> 127.0.1.3 port 25
FILTER RULES:
INFO:
Status: Enabled for 0 days 00:56:34 Debug: Urgent
State Table Total Rate
current entries 0
searches 1738 0.5/s
inserts 7 0.0/s
removals 7 0.0/s
Counters
match 1660 0.5/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s
LIMITS:
states hard limit 10000
src-nodes hard limit 10000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 200000
TABLES:
OS FINGERPRINTS:
710 fingerprints loaded
How do I troubleshoot this issue?
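
A host-side triage for the two things the post compares between jails, the resolver file and the pf NAT rules, added here as an example and not written by the poster. The function names and the paths in the usage comment are hypothetical. The resolver reads /etc/resolv.conf (see resolver(5)), so a file named resolve.conf is reported separately.

```shell
#!/bin/sh
# Added example: check a jail's resolver config and its pf NAT rule from the host.

# List nameserver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Classify resolver config under a jail root: ok | no-nameserver | misnamed | missing
resolver_state() {
    etc="$1/etc"
    if [ -f "$etc/resolv.conf" ]; then
        if [ -n "$(nameservers "$etc/resolv.conf")" ]; then
            echo ok
        else
            echo no-nameserver
        fi
    elif [ -f "$etc/resolve.conf" ]; then
        echo misnamed      # present, but not the name the resolver opens
    else
        echo missing
    fi
}

# Succeed if saved `pfctl -s nat` output ($2) has a nat rule whose source is exactly $1.
nat_covers() {
    awk -v ip="$1" '
        $1 == "nat" { for (i = 1; i < NF; i++) if ($i == "from" && $(i + 1) == ip) found = 1 }
        END { exit !found }
    ' "$2"
}

# Report for one jail: triage <jail-root> <jail-ip> <file-with-pfctl-nat-output>
triage() {
    state=$(resolver_state "$1")
    echo "resolver config: $state"
    [ "$state" = ok ] && nameservers "$1/etc/resolv.conf" | sed 's/^/  nameserver /'
    if nat_covers "$2" "$3"; then
        echo "pf nat rule for $2: present"
    else
        echo "pf nat rule for $2: absent"
    fi
}

# Usage on the host (example paths):
#   pfctl -s nat > /tmp/nat.txt && sh triage.sh /usr/jails/myjail 127.0.1.3 /tmp/nat.txt
if [ "$#" -eq 3 ]; then triage "$@"; fi
```

If the state is ok and the NAT rule is present, the next check is whether each listed nameserver is reachable from inside the jail.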