I have a FreeBSD 10.3 server setup that is currently running 2 jails; each jail has networking working. One of the jails is running Nginx and the sites it serves are accessible from the net, and the other one runs an IRC bot that is able to connect to FreeNode.
What gets me is when I try to use pkg (such as performing pkg update or a pkg upgrade) it seems like it takes a while to run and eventually I get the following:
Code:
Updating FreeBSD repository catalogue...
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/meta.txz: Protocol not supported
repository FreeBSD has no meta file, using default settings
pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly/packagesite.txz: Protocol not supported
Unable to update repository FreeBSD
Trying to research this I have seen a few common responses (jails have the wrong netmask, try running pkg update -f) but none of them seem to work in my case. If it matters, I'm managing my jails with iocage (not the python3 version that is still in early stages).
Since it will help, these are the contents of my /etc/rc.conf and /etc/pf.conf:
Code:
zfs_enable="YES"
hostname="digitalocean"
ifconfig_vtnet0="dhcp"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
# Enable port forwarding and packet filtering
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
# Setup the interface that all jails will use
cloned_interfaces="lo1"
ifconfig_lo1="inet 172.16.1.1 netmask 255.255.255.0"
ifconfig_lo1_alias0="inet 172.16.1.2 netmask 255.255.255.255" # webserver jail
ifconfig_lo1_alias1="inet 172.16.1.3 netmask 255.255.255.255" # ircbot jail
# Enable iocage at Startup
iocage_enable="YES"
Code:
# Define the interfaces
ext_if="vtnet0"
ext_ip="{ xxx.xxx.xx.xxx xxx.xxx.xx.xxx }"
int_if="vtnet1"
jail_if="lo1"
jail_net="172.16.1.0/24"
# Define ports for host network
tcp_pass = "{ 44444 123 }"
# Define the IP addresses of the jails
# as well as ports to be allowed redirected
WEBSERVER = "172.16.1.2"
WEBSERVER_PORTS = "{ 22 80 123 443 873 }"
set block-policy drop
set skip on lo0
scrub in all
# Define the NAT for the jails
nat pass on $ext_if from $jail_net to any -> $ext_ip
# Redirect traffic on ports in WEBSERVER_PORTS to the webserver jail
rdr pass on $ext_if inet proto tcp to port $WEBSERVER_PORTS -> $WEBSERVER
rdr pass on $ext_if inet proto udp to port $WEBSERVER_PORTS -> $WEBSERVER
block in all
pass out quick on { $ext_if $jail_if } inet keep state
antispoof quick for ($ext_if) inet
pass in proto tcp to port $tcp_pass keep state
pass inet proto icmp icmp-type echoreq
Hopefully someone here can spot my stupid configuration mistake that I'm somehow overlooking.
Thanks in advance.