[PC-BSD Testing] BIND problem in jail

Kris Moore kris at pcbsd.org
Fri Mar 26 02:49:28 PDT 2010


On 03/26/2010 13:31, Jeff wrote:
> Yes created with the Warden (in 7.1.1).
>
> Output of jls:
>
>    JID  IP Address      Hostname                      Path
>      1  192.168.1.12    Drupal                        /usr/local/warden/jails/192.168.1.12
>      2  10.1.1.1        pcbsd-2276                    /usr/jails/portjail
>
> Contents of etc/pf.conf:
>
> set skip on lo0
> set block-policy return
> scrub in all
> nat on lagg0 from lo1:network to any -> (lagg0)
> nat on re0 from lo1:network to any -> (re0)
> block in log
> antispoof quick for lo0 inet
> block in from no-route to any
> pass out keep state
> table <blacklist> persist file "/etc/blacklist"
> pass inet proto icmp from any to any
> pass inet6 proto icmp6 from any to any
> pass in proto {tcp,udp} from any to any port 49152:65535 keep state
> block from <blacklist> to any
> pass in on re0 proto tcp from any to (re0) port 80 keep state
> pass in on re0 proto udp from any to (re0) port 138 keep state
> pass in on re0 proto udp from any to (re0) port 111 keep state
> pass in on re0 proto udp from any to (re0) port 1110 keep state
> pass in on re0 proto udp from any to (re0) port 2049 keep state
> pass in on re0 proto udp from any to (re0) port 4045 keep state
> pass in on re0 proto tcp from any to (re0) port 445 keep state
> pass in on re0 proto tcp from any to (re0) port 137 keep state
> pass in on re0 proto tcp from any to (re0) port 139 keep state
> pass in on re0 proto tcp from any to (re0) port 111 keep state
> pass in on re0 proto tcp from any to (re0) port 1110 keep state
> pass in on re0 proto tcp from any to (re0) port 4045 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 137 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 138 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 111 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 1110 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 2049 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 4045 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 445 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 137 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 139 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 111 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 1110 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 4045 keep state
> pass out on re0 proto tcp from any to (re0) port 80 keep state
> pass in on re0 proto tcp from any to (re0) port 8080 keep state
> pass out on re0 proto tcp from any to (re0) port 8080 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 80 keep state
> pass out on lagg0 proto tcp from any to (lagg0) port 80 keep state
>
>

OK, that helps. A few more things now: which interface is this jail 
running on? Send the output of "ifconfig" and look for the IP 192.168.1.12; 
is it active on lagg0 or re0?

Next, can you ping that IP locally? If so, do you have another machine 
on the network which can ping it? How about if you stop "pf"? 
"/etc/rc.d/pf stop"


-- 
Kris Moore
PC-BSD Software
iXsystems
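
Before stopping pf altogether, the quoted ruleset can be checked offline for whether a new inbound connection to a given port would pass. This is an added example, not part of the original thread: a simplified last-match evaluator run over an excerpt of the rules above, with port 53 used as BIND's default DNS port. Assumptions: the source is routable and not in <blacklist>, the destination is an address on the named interface, and only the first packet of a connection is evaluated.

```python
import re

# Excerpt of the pf.conf quoted in the thread (a few rules copied for the demo).
PF_EXCERPT = """\
block in log
pass out keep state
pass in proto {tcp,udp} from any to any port 49152:65535 keep state
pass in on re0 proto tcp from any to (re0) port 80 keep state
pass in on re0 proto udp from any to (re0) port 2049 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 80 keep state
pass out on re0 proto tcp from any to (re0) port 8080 keep state
"""

# Only the rule shapes used in that file; anything else (nat, set, scrub,
# tables, rules with a source condition or an address family) is skipped.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)(?:\s+(?P<dir>in|out))?(?:\s+log)?"
    r"(?:\s+on\s+(?P<ifc>\S+))?"
    r"(?:\s+proto\s+(?P<proto>\{[^}]*\}|\S+))?"
    r"(?:\s+from\s+any\s+to\s+\S+)?"
    r"(?:\s+port\s+(?P<port>\d+(?::\d+)?))?"
    r"(?:\s+keep\s+state)?$")

def parse_rules(text):
    """Return (action, direction, interface, protocols, port range) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        protos = set(m["proto"].strip("{}").replace(",", " ").split()) if m["proto"] else None
        lo, _, hi = (m["port"] or "").partition(":")
        ports = (int(lo), int(hi or lo)) if lo else None  # a:b is inclusive
        rules.append((m["action"], m["dir"], m["ifc"], protos, ports))
    return rules

def verdict(rules, direction, ifc, proto, port):
    """Last matching rule wins (no 'quick' rules here); pf passes by default."""
    result = "pass"
    for action, r_dir, r_ifc, protos, ports in rules:
        if r_dir not in (None, direction) or r_ifc not in (None, ifc):
            continue
        if protos is not None and proto not in protos:
            continue
        if ports is not None and not ports[0] <= port <= ports[1]:
            continue
        result = action
    return result

if __name__ == "__main__":
    rules = parse_rules(PF_EXCERPT)
    for proto, port in (("tcp", 80), ("udp", 53), ("tcp", 53)):
        print(f"in on re0 {proto}/{port}: {verdict(rules, 'in', 're0', proto, port)}")
```

Passing the full contents of the pf.conf to `parse_rules` instead of the excerpt checks the complete ruleset under the same assumptions.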
