[PC-BSD Testing] BIND problem in jail

Jeff dejamuse at yahoo.com
Fri May 7 07:09:24 PDT 2010


Well, this has come back to bite me again.

I was living in Thailand when I fixed it, using a Dlink ADSL router and used DHCP for the PCBSD box.  Then I moved back to the US and set up my old network using a Linksys router and a Linksys wireless bridge to connect my PCBSD box to the router and the internet.

I'm using lagg0 for the jail but set up the box with a static IP.  So now the original problem is back - slow server response in the jail and Drupal cannot talk to the internet for updates and such.  Set it up with DHCP and same problem.

Oddly enough, when I had it setup with a static IP, Firefox was really slow accessing the server site, like 10 seconds lag, but Opera was the normal 1 or 2 seconds.  When I changed to DHCP both were slow, taking nearly 20 seconds to respond - it's all lag time - the page loads very fast after that.

I noticed at boot there is a message something to the effect of re0 busy.  Also noticed in Webmin, the network interface is reported as:

 
Name      Type               IP Address      Netmask           Status
lagg0     Unknown            192.168.1.101   255.255.255.0     Up
lagg0:0   Unknown (Virtual)  192.168.1.12    255.255.255.255   Up
lo0       Loopback           127.0.0.1       255.0.0.0         Up

192.168.1.12 is the IP for the jail and .101 is the network interface card on DHCP.

I have had similar problems with PCBSD going way back and never resolved them.  I just keep fiddling and rebooting and somehow it magically gets fixed but I never know why.  Now however, I can't get it to work properly no matter what I try.

What in the world causes this behavior and how do I fix it?

...Jeff

--- On Sat, 3/27/10, Jeff <dejamuse at yahoo.com> wrote:

From: Jeff <dejamuse at yahoo.com>
Subject: Re: [PC-BSD Testing] BIND problem in jail
To: "PC-BSD Testing list" <testing at lists.pcbsd.org>
Date: Saturday, March 27, 2010, 4:28 AM

Rebooted the machine and now can access the server from the other computer as before.

Hurray!

Still confusing krap though...

--- On Sat, 3/27/10, Jeff <dejamuse at yahoo.com> wrote:

From: Jeff <dejamuse at yahoo.com>
Subject: Re: [PC-BSD Testing] BIND problem in jail
To: "PC-BSD Testing list" <testing at lists.pcbsd.org>
Date: Saturday, March 27, 2010, 3:43 AM

Also should note that when the interface for the jail was set to re0, Drupal could not reach the outside world (to check for module updates) and I could not ping the IP from another computer in my local network (on a wireless port to the router).

Now using lagg0 I can ping the IP from the other computer but I cannot connect to the server as I could before.  Strange.   I suspect that has more to do with the router than PCBSD.  I had been tinkering with it before, trying to expose the server to the internet.  That normally requires port forwarding which in turn requires a static IP for the server.  But when I first set things up, the server box was using DHCP and I could access the server on port 80 from the other computer - now I can't, even after resetting the router back to where it was.

Confusing krap!

--- On Sat, 3/27/10, Jeff <dejamuse at yahoo.com> wrote:

From: Jeff <dejamuse at yahoo.com>
Subject: Re: [PC-BSD Testing] BIND problem in jail
To: "PC-BSD Testing list" <testing at lists.pcbsd.org>
Date: Saturday, March 27, 2010, 3:22 AM

When I reset the jail to use re0, the response of the server in the jail was sluggish, like 15 seconds to render a page.

Then I set it to use lagg0 and it's now fast again.

I don't understand too much of this network stuff - confusing.

--- On Fri, 3/26/10, Kris Moore <kris at pcbsd.org> wrote:

From: Kris Moore <kris at pcbsd.org>
Subject: Re: [PC-BSD Testing] BIND problem in jail
To: "PC-BSD Testing list" <testing at lists.pcbsd.org>
Date: Friday, March 26, 2010, 7:17 AM

On 03/26/2010 13:31, Jeff wrote:

Yes created with the Warden (in 7.1.1).

Output of jls:

   JID  IP Address      Hostname                      Path
     1  192.168.1.12    Drupal                        /usr/local/warden/jails/192.168.1.12
     2  10.1.1.1        pcbsd-2276                    /usr/jails/portjail

Contents of etc/pf.conf:

set skip on lo0
set block-policy return
scrub in all
nat on lagg0 from lo1:network to any -> (lagg0)
nat on re0 from lo1:network to any -> (re0)
block in log
antispoof quick for lo0 inet
block in from no-route to any
pass out keep state
table <blacklist> persist file "/etc/blacklist"
pass inet proto icmp from any to any
pass inet6 proto icmp6 from any to any
pass in proto {tcp,udp} from any to any port 49152:65535 keep state
block from <blacklist> to any
pass in on re0 proto tcp from any to (re0) port 80 keep state
pass in on re0 proto udp from any to (re0) port 138 keep state
pass in on re0 proto udp from any to (re0) port 111 keep state
pass in on re0 proto udp from any to (re0) port 1110 keep state
pass in on re0 proto udp from any to (re0) port 2049 keep state
pass in on re0 proto udp from any to (re0) port 4045 keep state
pass in on re0 proto tcp from any to (re0) port 445 keep state
pass in on re0 proto tcp from any to (re0) port 137 keep state
pass in on re0 proto tcp from any to (re0) port 139 keep state
pass in on re0 proto tcp from any to (re0) port 111 keep state
pass in on re0 proto tcp from any to (re0) port 1110 keep state
pass in on re0 proto tcp from any to (re0) port 4045 keep state
pass in on lagg0 proto udp from any to (lagg0) port 137 keep state
pass in on lagg0 proto udp from any to (lagg0) port 138 keep state
pass in on lagg0 proto udp from any to (lagg0) port 111 keep state
pass in on lagg0 proto udp from any to (lagg0) port 1110 keep state
pass in on lagg0 proto udp from any to (lagg0) port 2049 keep state
pass in on lagg0 proto udp from any to (lagg0) port 4045 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 445 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 137 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 139 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 111 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 1110 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 4045 keep state
pass out on re0 proto tcp from any to (re0) port 80 keep state
pass in on re0 proto tcp from any to (re0) port 8080 keep state
pass out on re0 proto tcp from any to (re0) port 8080 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 80 keep state
pass out on lagg0 proto tcp from any to (lagg0) port 80 keep state



Oh another thing to check. We need to make sure the jail is getting
started on the right network interface. Try this as root:

# pbreg get /PC-BSD/TheWarden/NIC

What is that set to? If you are using the lagg0 interface in ifconfig,
then you'll need to set it to lagg0 with:

# pbreg set /PC-BSD/TheWarden/NIC lagg0

Otherwise, it'll need to be set to the right device, such as re0 and
restart the jail.



-- 
Kris Moore
PC-BSD Software
iXsystems
 

-----Inline Attachment Follows-----

_______________________________________________
Testing mailing list
Testing at lists.pcbsd.org
http://lists.pcbsd.org/mailman/listinfo/testing
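
Added example, not part of the original thread and not PC-BSD or Warden code: the pf.conf quoted above ties each inbound pass rule to an interface name, so after switching the jail between re0 and lagg0 it is worth checking which ports are opened on one interface only (in the quoted file, tcp 8080 has a re0 rule but no lagg0 rule). The function names and the embedded sample rules below are constructed for illustration.

```sh
#!/bin/sh
# Added example: find inbound "pass in on <if>" rules that exist for one
# interface but have no counterpart on another in a pf.conf.

# Constructed sample: a small subset of the rules quoted in the thread.
sample_pf_conf() {
cat <<'EOF'
pass in on re0 proto tcp from any to (re0) port 80 keep state
pass in on re0 proto tcp from any to (re0) port 8080 keep state
pass in on re0 proto udp from any to (re0) port 2049 keep state
pass in on lagg0 proto udp from any to (lagg0) port 2049 keep state
pass in on lagg0 proto tcp from any to (lagg0) port 80 keep state
pass out on lagg0 proto tcp from any to (lagg0) port 80 keep state
EOF
}

# inbound_rules IFACE: read pf.conf text on stdin and print "proto/port"
# for every single-port "pass in on IFACE" rule, sorted and de-duplicated.
# Rules without an "on <if>" clause are skipped on purpose.
inbound_rules() {
    awk -v ifc="$1" '
        $1 == "pass" && $2 == "in" && $3 == "on" && $4 == ifc {
            proto = ""; port = ""
            for (i = 5; i < NF; i++) {
                if ($i == "proto") proto = $(i + 1)
                if ($i == "port")  port  = $(i + 1)
            }
            if (proto != "" && port != "") print proto "/" port
        }' | sort -u
}

# missing_on NEW OLD FILE: print ports opened inbound on OLD that have no
# matching rule on NEW (what stops being reachable after the switch).
missing_on() {
    new=$1; old=$2; file=$3
    tmp_old=$(mktemp); tmp_new=$(mktemp)
    inbound_rules "$old" < "$file" > "$tmp_old"
    inbound_rules "$new" < "$file" > "$tmp_new"
    comm -23 "$tmp_old" "$tmp_new"
    rm -f "$tmp_old" "$tmp_new"
}

# Usage on a real host (as root): missing_on lagg0 re0 /etc/pf.conf
```

Run it in both directions (swap the first two arguments) to see rules that exist only on either interface.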





      