DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Installation and Upgrading

FreeBSD Installation and Upgrading Installing and upgrading FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 25th July 2008
bsduser bsduser is offline
Port Guard
 
Join Date: Jun 2008
Location: Toronto
Posts: 12
Default Freebsd 7.0 natd problem with jail

Hello guys, I got a freebsd jail up and running, I have only one problem, I can't go over internet with the jail ( but I can ping all the machines in my local network ) .. I tried to forward the packets from fbsd hosts ip to freebsd trought nat, but something seem doesn't work properly .. here something about my configuration

/etc/rc.conf ( freebsd host )

Code:
# -- sysinstall generated deltas -- # Fri Feb  9 17:54:42 2007
# Created: Fri Feb  9 17:54:42 2007
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="192.168.1.1"
gateway_enable="YES"
hostname="Ultra5.fBSD"
ifconfig_hme0="inet 192.168.1.10  netmask 255.255.255.0"
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
ifconfig_hme0_alias0="inet 192.168.1.20 netmask 255.255.255.255"
#ifconfig_DEFAULT="DHCP"
#background_dhclient="YES"
inetd_enable="YES"
inetd_flags="-wW -a 192.168.1.10"
sshd_enable="YES"
#usbd_enable="YES"
# IPFW

firewall_enable="YES"
firewall_type="OPEN"
#firewall_logging="YES"
firewall_quite="NO"
#firewall_script="/etc/rc.fire"
#firewall_flags=""

#Nat e ppp
#ppp_nat="YES"
#ppp_enable="YES"
#ppp_mode="ddial"
#ppp_profile="name_of_service_provider"

# Natd
natd_enable="YES"
natd_interface="hme0"
natd_flags="-f /etc/natd.conf"

# Servizi ftp
vsftpd_enable="YES"

sendmail_enable="NO"
#fsck_y_enable=YES


# NFS
rpcbind_enable="NO"
nfs_server_enable="YES"
mountd_flags="-r"

# Jail(s) 
jail_enable="YES"   # Set to NO to disable starting of any jails
jail_list="my freebsd jail subsystem"            # Space separated list of names of jails
jail_JAILDIR_rootdir="/usr/jail/JAILDIR"         # jail's root directory
jail_JAILDIR_hostname="jail.local"               # jail's hostname
jail_JAILDIR_ip="192.168.1.20"                   # jail's IP address
jail_JAILDIR_devfs_enable="YES"                  # mount devfs in the jail
jail_JAILDIR_devfs_ruleset="devfsrules_jail"     # devfs ruleset to apply to jail
jail_JAILDIR_exec_start_="/bin/tcsh /etc/rc"
ifconfig ( freebsd host )

Code:
hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        ether 08:00:20:c2:f7:37
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.20 netmask 0xffffffff broadcast 192.168.1.20
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
        inet6 ::1 prefixlen 128 
        inet 127.0.0.1 netmask 0xff000000
/etc/natd.conf ( freebsd host )

Code:
redirect_address 192.168.1.10 192.168.1.20
#redirect_address 192.168.2.101 192.168.2.102
#redirect_address 192.168.2.101 192.168.2.100
redirect_port tcp 192.168.1.20:6667 6667
redirect_port tcp 192.168.1.20:80 80
redirect_port tcp 192.168.1.20:21 21
/etc/sysctl.conf ( freebsd host )

Code:
security.jail.allow_raw_sockets=1
net.inet.ip.fw.one_pass=1
/etc/rc.conf ( freebsd jail )

Code:
hostname="jail.local"
ifconfig_hme0="inet 192.168.1.20 netmask 255.255.255.255"
defaultrouter="192.168.1.10"
rpcbind_enable="NO"
and of course such as server dns in the freebsd jail I put the gw ip addres, but it seems doesn't work, thats what I got ..

Code:
jail# ping www.google.com
ping: cannot resolve www.google.com: Host name lookup failure
any idea about that ?
__________________
OpenSource + Free Thinking + Free Choise = FreeBSD
http://www.openbsd.org/zaurus.html
Edit/Delete Message
Reply With Quote
  #2   (View Single Post)  
Old 25th July 2008
anomie's Avatar
anomie anomie is offline
Local
 
Join Date: Apr 2008
Location: Texas
Posts: 445
Default

To begin with, running natd on the host system should not be necessary. Both your primary and alias (host and jail, respectively) IP addresses are RFC 1918 address space, so I'm presuming that you are behind a home router/NAT device already anyway. Which is a long way of saying: if your internet connection is working on the host system, you should be able to get it working similarly on the jailed system.

NB a couple points:
  • You will need to add nameservers to /etc/resolv.conf within your jail.
  • You can not ping from within a jail. Instead use nc or nmap (or the like) for testing connectivity. edit: sorry -- I see you've enabled raw sockets. So you should be able to use ping to test connectivity.

Hope this helps.
__________________
Kill your t.v.

Last edited by anomie; 25th July 2008 at 07:26 PM. Reason: fix
Reply With Quote
  #3   (View Single Post)  
Old 26th July 2008
bsduser bsduser is offline
Port Guard
 
Join Date: Jun 2008
Location: Toronto
Posts: 12
Default

Quote:
Originally Posted by anomie View Post

NB a couple points:
  • You will need to add nameservers to /etc/resolv.conf within your jail.
  • You can not ping from within a jail. Instead use nc or nmap (or the like) for testing connectivity. edit: sorry -- I see you've enabled raw sockets. So you should be able to use ping to test connectivity.

Hope this helps.
ehm, I solved it, I just put in the freebsd jail as server dns the opendns dns server, but, its kinda weird, because I had put as server dns the freebsd host ip addres, and it should be work, because it has the right server dns in /etc/resolv.conf ..

I dunno ...

Thanks
__________________
OpenSource + Free Thinking + Free Choise = FreeBSD
http://www.openbsd.org/zaurus.html
Edit/Delete Message

Last edited by bsduser; 26th July 2008 at 12:47 AM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
natd redirect_port problems map7 FreeBSD General 7 9th June 2010 06:22 AM
chroot jail FreeBSD "su: who are you?" Dr_Death_UAE FreeBSD Security 0 27th May 2009 07:51 AM
Pf need natd? TiN-MAN FreeBSD Installation and Upgrading 2 5th July 2008 08:25 PM
samba wont operate under natd/ipfw Johnny2Bad FreeBSD General 3 24th May 2008 09:46 PM
flush natd rules nenduvel FreeBSD Security 1 3rd May 2008 08:59 PM


All times are GMT. The time now is 10:44 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick