[PC-BSD Testing] BIND problem in jail

Kris Moore kris at pcbsd.org
Fri Mar 26 04:17:31 PDT 2010


On 03/26/2010 13:31, Jeff wrote:
> Yes created with the Warden (in 7.1.1).
>
> Output of jls:
>
>    JID  IP Address      Hostname                      Path
>      1  192.168.1.12    Drupal                        /usr/local/warden/jails/192.168.1.12
>      2  10.1.1.1        pcbsd-2276                    /usr/jails/portjail
>
> Contents of etc/pf.conf:
>
> set skip on lo0
> set block-policy return
> scrub in all
> nat on lagg0 from lo1:network to any -> (lagg0)
> nat on re0 from lo1:network to any -> (re0)
> block in log
> antispoof quick for lo0 inet
> block in from no-route to any
> pass out keep state
> table <blacklist> persist file "/etc/blacklist"
> pass inet proto icmp from any to any
> pass inet6 proto icmp6 from any to any
> pass in proto {tcp,udp} from any to any port 49152:65535 keep state
> block from <blacklist> to any
> pass in on re0 proto tcp from any to (re0) port 80 keep state
> pass in on re0 proto udp from any to (re0) port 138 keep state
> pass in on re0 proto udp from any to (re0) port 111 keep state
> pass in on re0 proto udp from any to (re0) port 1110 keep state
> pass in on re0 proto udp from any to (re0) port 2049 keep state
> pass in on re0 proto udp from any to (re0) port 4045 keep state
> pass in on re0 proto tcp from any to (re0) port 445 keep state
> pass in on re0 proto tcp from any to (re0) port 137 keep state
> pass in on re0 proto tcp from any to (re0) port 139 keep state
> pass in on re0 proto tcp from any to (re0) port 111 keep state
> pass in on re0 proto tcp from any to (re0) port 1110 keep state
> pass in on re0 proto tcp from any to (re0) port 4045 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 137 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 138 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 111 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 1110 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 2049 keep state
> pass in on lagg0 proto udp from any to (lagg0) port 4045 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 445 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 137 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 139 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 111 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 1110 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 4045 keep state
> pass out on re0 proto tcp from any to (re0) port 80 keep state
> pass in on re0 proto tcp from any to (re0) port 8080 keep state
> pass out on re0 proto tcp from any to (re0) port 8080 keep state
> pass in on lagg0 proto tcp from any to (lagg0) port 80 keep state
> pass out on lagg0 proto tcp from any to (lagg0) port 80 keep state
>

Oh another thing to check. We need to make sure the jail is getting 
started on the right network interface. Try this as root:

# pbreg get /PC-BSD/TheWarden/NIC

What is that set to? If you are using the lagg0 interface in ifconfig, 
then you'll need to set it to lagg0 with:

# pbreg set /PC-BSD/TheWarden/NIC lagg0

Otherwise, it'll need to be set to the right device, such as re0, and 
restart the jail.

-- 
Kris Moore
PC-BSD Software
iXsystems
