My jail is set up by

Code:
dns0 {
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_console_${name}.log";
    allow.raw_sockets;
    exec.clean;
    mount.devfs;
    devfs_ruleset = 5;
    path = "/jails/${name}";
    host.hostname = "${name}";
    $unterid = "3";
    $id = "${unterid}";
    $ip = "192.168.0.${unterid}/24";
    $gateway = "192.168.0.1";
    $bridge = "bridge0";
    $epair = "epair${id}";
    vnet;
    vnet.interface = "${epair}b";
    exec.prestart = "/sbin/ifconfig ${epair} create up";
    exec.prestart += "/sbin/ifconfig ${epair}a up descr jail:${name}";
    exec.prestart += "/sbin/ifconfig ${bridge} addm ${epair}a up";
    exec.prestart += "/sbin/ifconfig ${epair}a ether 02:22:22:22:22:0a";
    exec.prestart += "/sbin/ifconfig ${epair}b ether 02:22:22:22:22:0b";
    exec.start += "/sbin/ifconfig ${epair}b ${ip} up";
    exec.start += "/sbin/route add default ${gateway}";
    exec.poststop = "/sbin/ifconfig ${bridge} deletem ${epair}a";
    exec.poststop += "/sbin/ifconfig ${epair}a destroy";
}

My bridge configuration is

Code:
ifconfig bridge0 inet 192.168.0.0/24 addm em0

After starting the jail, I ran the command sequence inside the jail

Code:
pkg install bind-tools bind918
cp named.conf /usr/local/etc/namedb/named.conf
chown bind:bind /usr/local/etc/namedb/named.conf
chmod 655 /usr/local/etc/namedb/named.conf
mkdir -p /var/named
chmod 775 /var/named/
chown bind:bind /var/named
mkdir -p /var/named/data
chown -R bind:bind /var/named/
chmod -R 664 /var/named/
chmod 775 /var/named/
chmod 775 /var/named/data
sysrc altlog_proglist+=named
service named enable
service named start
service named restart
service named reload

with named.conf containing

Code:
acl LAN {
    192.168.0.0/24;
};
acl ALLEN_LOCALHOST {
    127.0.0.1/32;
};
acl PUBLIC0 {
    192.168.0.3;
};
options {
    directory "/var/named";
    allow-recursion { LAN; localhost; };
    forwarders {
        1.1.1.1; // Cloudflare
        208.67.222.222; // OpenDNS
    };
    listen-on { PUBLIC0; localhost; };
    listen-on-v6 { none; };
    pid-file "/var/run/named/pid";
    allow-transfer port 53 { PUBLIC0; 0.0.0.0; };
    allow-query { localhost; LAN; };
    recursion yes;
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
};

Finally, when trying to access the DNS service from the jail itself with

Code:
jexec 9 dig google.com @127.0.0.1 -p 53

I get the error:

Code:
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
; <<>> DiG 9.18.29 <<>> google.com @127.0.0.1 -p 53
;; global options: +cmd
;; no servers could be reached

The same error happens with

Code:
jexec 9 dig google.com @0.0.0.0 -p 53
jexec 9 dig google.com @192.168.0.3 -p 53

When running

Code:
jexec 9 sockstat -4 -l

I get the following output:

Code:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
bind named 11891 21 tcp4 127.0.0.1:953 *:*
bind named 11891 22 tcp4 127.0.0.1:953 *:*
root syslogd 8067 6 udp4 *:514 *:*

and when running

Code:
nmap 192.168.0.3

from my Linux laptop in the same network, I got the output:

Code:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-18 09:58 CST
Nmap scan report for 192.168.0.3
Host is up (0.0014s latency).
All 1000 scanned ports on 192.168.0.3 are in ignored states.
Not shown: 1000 closed tcp ports (reset)
Nmap done: 1 IP address (1 host up) scanned in 6.97 seconds

How do I solve this problem?
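The sockstat listing above is the key diagnostic: named holds only its rndc control channel (127.0.0.1:953) and nothing on port 53, which is why every dig attempt is refused. The following added helper (example code, not from the poster) parses a `sockstat -4 -l` listing read from stdin and reports the listeners on a given port; the sample input is the listing from the post, copied in as a constructed string so the script runs offline.

```sh
#!/bin/sh
# Added example: check a `sockstat -4 -l` listing for listeners on one port.
# Assumed column layout (FreeBSD sockstat):
#   USER COMMAND PID FD PROTO LOCAL_ADDRESS FOREIGN_ADDRESS
# The header row is skipped; LOCAL ADDRESS is split on ":" and the last
# component is the port, so both "127.0.0.1:953" and "*:514" are handled.

listeners_on_port() {
    # $1 = port number to look for; sockstat output arrives on stdin.
    # Prints every matching line; exit status 0 if any listener was found,
    # 1 if none was (so the function can be used directly in an `if`).
    awk -v port="$1" '
        NR == 1 { next }
        {
            n = split($6, a, ":")
            if (a[n] == port) { print; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample input: the listing the poster obtained inside the jail.
SAMPLE='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
bind named 11891 21 tcp4 127.0.0.1:953 *:*
bind named 11891 22 tcp4 127.0.0.1:953 *:*
root syslogd 8067 6 udp4 *:514 *:*'

check_named_service_port() {
    # Distinguish "named process is up" (rndc port 953 bound) from
    # "named is actually serving DNS" (port 53 bound on tcp and/or udp).
    if printf '%s\n' "$SAMPLE" | listeners_on_port 953 >/dev/null; then
        echo "rndc control channel (953) bound: named process is running"
    fi
    if printf '%s\n' "$SAMPLE" | listeners_on_port 53 >/dev/null; then
        echo "DNS service port (53) bound: named is serving"
    else
        echo "no listener on port 53: named is running but not serving DNS"
    fi
}

check_named_service_port
```

Run the same check against live data with `jexec <jid> sockstat -4 -l | listeners_on_port 53`; an empty result with exit status 1 confirms the service port is not bound.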