Solved pkg Protocol not supported error within Jails

I have a FreeBSD 10.3 server setup that is currently running 2 jails, each jail has networking working. One of the jails is running Nginx and the sites in serves is accessible from the net, and the other one runs an IRC bot that is able to connect to FreeNode.

What gets me is when I try to use pkg (such as preforming pkg update or a pkg upgrade it seems like it takes a while to run and eventually I get the following:

Code:
Updating FreeBSD repository catalogue...
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/meta.txz: Protocol not supported
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/packagesite.txz: Protocol not supported
Unable to update repository FreeBSD

Trying to research this I have seen a few common responses (jails have the wrong netmask, try running pkg update -f) but none of them seem to work in my case. If it maters I'm managing my jails with iocage (not the python3 version that is still in early stages).

Since it will help This is the contents of my /etc/rc.conf and /etc/pf.conf

Code:
zfs_enable="YES"
hostname="digitalocean"
ifconfig_vtnet0="dhcp"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"

# Enable port forwarding and packet filtering
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

# Setup the interface that all jails will use
cloned_interfaces="lo1"
ifconfig_lo1="inet 172.16.1.1 netmask 255.255.255.0"
ifconfig_lo1_alias0="inet 172.16.1.2 netmask 255.255.255.255" # webserver jail
ifconfig_lo1_alias1="inet 172.16.1.3 netmask 255.255.255.255" # ircbot jail

# Enable iocage at Startup
iocage_enable="YES"

Code:
# Define the interfaces
ext_if="vtnet0"
ext_ip="{ xxx.xxx.xx.xxx xxx.xxx.xx.xxx }"
int_if="vtnet1"
jail_if="lo1"
jail_net="172.16.1.0/24"

# Define ports for host network
tcp_pass = "{ 44444 123 }"

# Define the IP addresses of the jails
# as well as ports to be allowed redirected
WEBSERVER = "172.16.1.2"
WEBSERVER_PORTS = "{ 22 80 123 443 873 }"

set block-policy drop
set skip on lo0
scrub in all

# Define the NAT for the jails
nat pass on $ext_if from $jail_net to any -> $ext_ip

# Redirect traffic on ports in WEBSERVER_PORTS to the webserver jail
rdr pass on $ext_if inet proto tcp to port $WEBSERVER_PORTS -> $WEBSERVER
rdr pass on $ext_if inet proto udp to port $WEBSERVER_PORTS -> $WEBSERVER

block in all
pass out quick on { $ext_if $jail_if } inet keep state
antispoof quick for ($ext_if) inet
pass in proto tcp to port $tcp_pass keep state
pass inet proto icmp icmp-type echoreq

Hopefully someone here can spot my stupid configuration mistake that I'm somehow over looking.

Thanks in advance.
 
The problem seems to affect other tools than just pkg, if I try to download something within the jail with fetch I get a transfer time out error which seems to suggest more of a networking problem than a configuration issue with pkg.
 
Is not network problem. For example When You update package using pkg then Xorg will be broken. Look at date Ports Tree (fresh ports) have 2016, and instaling from source ending succesfully. Everything is working. But Xorg using PKG have date 2017.04.11 and update base system using pkg broke Xorg installation. Missing Hald, Dbus, some driver. Now problem with this. What next.. backdor. FreeBSD is too powerfull and secure...

I'm sorry I don't follow, I didn't mention any thing about Xorg or it being broken in my Jails, which are all running on a headless system in DigitalOcean so neither the host or the two configured Jails have Xorg even installed. My problem is output connections from within a Jail is failing (pkg update/upgrade, fetch, telnet google.com 80/443, etc) but incoming connections like requests on port 80 and 443 are getting to Nginx that is running inside one of the two jails.
 
I figured out the problem, my nat rule for PF was wrong. I had it pointing to my external IP of the server instead of the network interface. Changing that and reloading PF's rules fixed the issues.
 
Back
Top