[PC-BSD Testing] BIND problem in jail

Jeff dejamuse at yahoo.com
Fri Mar 26 19:06:51 PDT 2010



# pbreg get /PC-BSD/TheWarden/NIC

returned: lo1
root at pcbsd-2276#

Then I reset the jail's NIC to re0 and now it works.

Presently the system is using DHCP with the router, but I want to use a static IP.

Why did changing the system to a static IP in the first place cause this problem?

re0 is the name of the network card, but what the heck is lagg0 and lo1?

Next I'll try changing to a static IP and possibly repeating this procedure.

...Jeff

--- On Fri, 3/26/10, Kris Moore <kris at pcbsd.org> wrote:

From: Kris Moore <kris at pcbsd.org>
Subject: Re: [PC-BSD Testing] BIND problem in jail
To: "PC-BSD Testing list" <testing at lists.pcbsd.org>
Date: Friday, March 26, 2010, 7:17 AM





  
On 03/26/2010 13:31, Jeff wrote:

  
    
      
Yes created with the Warden (in 7.1.1).

Output of jls:

   JID  IP Address      Hostname                      Path
     1  192.168.1.12    Drupal                        /usr/local/warden/jails/192.168.1.12
     2  10.1.1.1        pcbsd-2276                    /usr/jails/portjail

        

Contents of etc/pf.conf:

set skip on lo0
set block-policy return
scrub in all
nat on lagg0 from lo1:network to any -> (lagg0)
nat on re0 from lo1:network to any -> (re0)
block in log
antispoof quick for lo0 inet
block in from no-route to any
pass out keep state
table <blacklist> persist file "/etc/blacklist"
pass inet proto icmp from any to any
pass inet6 proto icmp6 from any to any
pass in proto {tcp,udp} from any to any port 49152:65535 keep state
block from <blacklist> to any
pass in on re0 proto tcp from any to (re0) port 80 keep state
pass in on re0 proto udp from any to (re0) port 138 keep state
pass in on re0 proto udp from any to (re0) port 111 keep state
pass in on re0 proto udp from any to (re0) port 1110 keep state
pass in on re0 proto udp from any to (re0) port 2049 keep state
pass in on re0 proto udp from any to (re0) port 4045 keep state
pass in on re0 proto tcp from any to (re0) port 445 keep state
pass in on re0 proto tcp from any to (re0) port 137 keep state
pass in on re0 proto tcp from any to (re0) port 139 keep state
pass in on re0 proto tcp from any to (re0) port 111 keep state
pass in on re0 proto tcp from any to (re0) port 1110 keep state
pass in on re0 proto tcp from any to (re0) port 4045 keep state
pass in on lagg0 proto udp from any to (lagg0) port 137 keep state
pass in on lagg0 proto udp from any to (lagg0) port 138 keep state
pass in on lagg0 proto udp from any to (lagg0) port 111 keep state
pass in on lagg0 proto udp from any to (lagg0) port 1110 keep state
pass in on lagg0 proto udp from any to (lagg0) port 2049 keep state
pass in on lagg0 proto udp from any to (lagg0) port 4045 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 445 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 137 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 139 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 111 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 1110 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 4045 keep state
pass out on re0 proto tcp from any to (re0) port 80 keep state
pass in on re0 proto tcp from any to (re0) port 8080 keep state
pass out on re0 proto tcp from any to (re0) port 8080 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 80 keep state
pass out on lagg0 proto tcp from any to (lagg0) port 80 keep state

        
      
    
  



Oh another thing to check. We need to make sure the jail is getting
started on the right network interface. Try this as root:



# pbreg get /PC-BSD/TheWarden/NIC



What is that set to? If you are using the lagg0 interface in ifconfig,
then you'll need to set it to lagg0 with:



# pbreg set /PC-BSD/TheWarden/NIC lagg0



Otherwise, it'll need to be set to the right device, such as re0 and
restart the jail.



-- 
Kris Moore
PC-BSD Software
iXsystems
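
[Added example, not part of the original thread and not PC-BSD's own tooling: a shell version of the interface check discussed above, comparing the Warden NIC value with the host's interface list and the interfaces named in pf.conf. The function names, verdict labels, sample interface list and the rule that a loopback value such as lo1 is flagged (taken from this thread's outcome) are assumptions.]

```shell
#!/bin/sh
# Added example (not from the thread): check a Warden NIC value against the
# host's interface list and the interfaces named in pf.conf rules.

# Constructed sample: five rules copied from the pf.conf quoted above.
sample_pf_conf() {
cat <<'EOF'
set skip on lo0
nat on lagg0 from lo1:network to any -> (lagg0)
nat on re0 from lo1:network to any -> (re0)
pass in on re0 proto tcp from any to (re0) port 80 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 80 keep state
EOF
}

# Read pf.conf on stdin; print each interface used as "on IF" in a
# nat/pass/block rule, one per line ("set skip on lo0" is not a rule).
pf_rule_ifaces() {
    awk '$1 == "nat" || $1 == "pass" || $1 == "block" {
        for (i = 2; i < NF; i++)
            if ($i == "on") { print $(i + 1); break }
    }' | sort -u
}

# check_warden_nic NIC "IF1 IF2 ..." < pf.conf
# Prints one verdict (hypothetical labels) and returns 0 only for "ok".
check_warden_nic() {
    nic=$1 present=$2
    rule_ifaces=$(pf_rule_ifaces)
    case " $present " in
        *" $nic "*) ;;
        *) echo "missing"; return 1 ;;          # no such interface on the host
    esac
    case $nic in
        lo[0-9]*) echo "loopback"; return 1 ;;  # assumption: as with lo1 here
    esac
    if ! printf '%s\n' "$rule_ifaces" | grep -qxF "$nic"; then
        echo "no-pf-rules"; return 1            # pf.conf never names this NIC
    fi
    echo "ok"
}

# On a live host (commands from the thread plus FreeBSD's `ifconfig -l`):
#   check_warden_nic "$(pbreg get /PC-BSD/TheWarden/NIC)" "$(ifconfig -l)" < /etc/pf.conf
# Constructed run: the value Jeff found (lo1) on a host with re0, lo0, lo1.
sample_pf_conf | check_warden_nic lo1 "re0 lo0 lo1" || :
```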
 
