Solved ADB server does not ACK if it is launched inside Linux (Ubuntu) chrooted / jailed / emulated with the Linuxulator

Hello to everyone.

I'm trying to connect to my mobile phone using adb over Wi-Fi using the Linuxulator because I want to install a specific Java application that requires Linux to work. I have already used Linux virtualized with bhyve and it worked. But I prefer to save some memory by trying to use the Linuxulator instead of starting a VM, if possible. I've already tried to run the app using Java installed natively on FreeBSD, but it fails because it wasn't designed for this. So:

Code:
[root@noble /]==> adb connect 192.168.1.2:5555

* daemon not running. starting it now on port 5037 *
cannot bind 'tcp:5037'
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon


That's the error that I get. I'm not sure if I can use some trick or if there is anything that I can do because the Linuxulator does not support that in any way. Instead, if I launch it directly in FreeBSD, it works:

Code:
[root@marietto /home/marietto]==> adb connect 192.168.1.2:5555

* daemon not running; starting now at tcp:5037
* daemon started successfully
connected to 192.168.1.2:5555

The problem is that the Java app does not recognize that the adb server is working:

Code:
[root@noble /home/marietto/Desktop/Files/OS/Linux/Tools/DeskDockServer_1.3.0]==> java -jar DeskDockServer_1.3.0.jar

2024-11-21 17:17:34.248   Program: DeskDockServer 1.3.0
2024-11-21 17:17:34.248   System: Linux 5.15.0, amd64
2024-11-21 17:17:34.249   JRE: 21.0.5+11-Ubuntu-1ubuntu124.04
2024-11-21 17:17:36.470   AdbLocator: Found ADB in env PATH
2024-11-21 17:17:36.471   class com.floriandraschbacher.deskdockserver.Main: Using ADB from /usr/bin/adb
2024-11-21 17:17:36.966   ab@3f95b479: Error getting devices: ADB server didn't ACK
2024-11-21 17:17:36.966   q$b@31524dfb: Error getting ADB devices: java.io.IOException: java.io.IOException: ADB server didn't ACK

but it is working :

Code:
[root@noble /home/marietto/Desktop/Files/OS/Linux/Tools/DeskDockServer_1.3.0]==> ps ax
      
  PID TTY      STAT   TIME COMMAND
 6089 pts/0    R+     0:00 ps ax
 5979 pts/0    S      0:00 adb -P 5037 fork-server server
 5952 pts/0    S      0:00 /bin/zsh
 
According to this thread:


this is what I tried to do :

Code:
nano /etc/pf.conf

nat on $ext_if from 127.0.0.0/24 to any -> 192.168.1.2
rdr on $ext_if proto tcp from any to any port 5037:5555 -> 127.0.0.255

root@noble:/home/marietto/Desktop/Files/OS/Linux/Tools/DeskDockServer_1.3.0# ./adb connect 192.168.1.2:5555

* daemon not running. starting it now on port 5037 *
* daemon started successfully *
** daemon still not running
error: cannot connect to daemon

root@noble:/home/marietto/Desktop/Files/OS/Linux/Tools/DeskDockServer_1.3.0# ps ax
  PID TTY      STAT   TIME COMMAND
 8759 pts/2    R+     0:00 ps ax
 8758 pts/2    S      0:00 adb -P 5037 fork-server server
 8739 pts/2    S      0:00 /bin/bash

but it didn't work :

root@noble:/home/marietto/Desktop/Files/OS/Linux/Tools/DeskDockServer_1.3.0# java -jar DeskDockServer_1.3.0.jar 

2024-11-22 17:33:02.348   Program: DeskDockServer 1.3.0
2024-11-22 17:33:02.348   System: Linux 5.15.0, amd64
2024-11-22 17:33:02.348   JRE: 21.0.5+11-Ubuntu-1ubuntu124.04
2024-11-22 17:33:02.469   AdbLocator: Found ADB in env PATH
2024-11-22 17:33:02.469   class com.floriandraschbacher.deskdockserver.Main: Using ADB from /usr/bin/adb
2024-11-22 17:33:02.508   ab@c703a44: Error getting devices: ADB server didn't ACK
2024-11-22 17:33:02.508   q$b@2b7d5ba: Error getting ADB devices: java.io.IOException: java.io.IOException: ADB server didn't ACK
 
if that's your whole pf config it won't work

Code:
nat on $ext_if from 127.0.0.0/24 to any -> 192.168.1.2
rdr on $ext_if proto tcp from any to any port 5037:5555 -> 127.0.0.255

$ext_if is a macro you have to define that points to a network interface


nat rules have to go after scrub rules
and before antispoof and block rules

 
Sorry for my total ignorance, but I never read any tutorial about this topic, since it is very difficult for me to understand, just like the firewall configuration. If I have to define $ext_if in some way, I have no idea what to put there. Can you give me some examples? I have int_if="em0"; can ext_if be the same?

For dialup users, the external interface will use tun0. For an ADSL connection, specifically those using PPP over Ethernet (PPPoE), the correct external interface is tun0, not the physical Ethernet interface.

so, I presume that $ext_if is em0 like $int_if, but it isn't. This is what my ifconfig says:

Code:
[root@marietto /compat]==> ifconfig

em0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
 options=4a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,HWSTATS,MEXTPG>
    inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=0
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: tap20 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 24 priority 128 path cost 2000000
    member: tap19 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 23 priority 128 path cost 2000000
    member: tap18 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 22 priority 128 path cost 2000000
    member: tap17 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 21 priority 128 path cost 2000000
    member: tap16 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 20 priority 128 path cost 2000000
    member: tap15 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 19 priority 128 path cost 2000000
    member: tap14 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 18 priority 128 path cost 2000000
    member: tap13 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 17 priority 128 path cost 2000000
    member: tap12 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 16 priority 128 path cost 2000000
    member: tap11 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 15 priority 128 path cost 2000000
    member: tap10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 14 priority 128 path cost 2000000
    member: tap9 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 13 priority 128 path cost 2000000
    member: tap8 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 12 priority 128 path cost 2000000
    member: tap7 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 11 priority 128 path cost 2000000
    member: tap6 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 10 priority 128 path cost 2000000
    member: tap5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 9 priority 128 path cost 2000000
    member: tap4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 8 priority 128 path cost 2000000
    member: tap3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 7 priority 128 path cost 2000000
    member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 2000000
    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 5 priority 128 path cost 2000000
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 4 priority 128 path cost 2000000
    member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 55
    groups: bridge
    nd6 options=9<PERFORMNUD,IFDISABLED>
tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:8e
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:e9
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap2: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:d7
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap3: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:c7
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap4: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:de
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap5: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:00:73:40
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap6: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:d3
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap7: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:25:5c
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap8: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:b8
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap9: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:db
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap10: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:a8:56
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap11: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:f6
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap12: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:06:33
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap13: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:cd:0f
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 7730
tap14: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:f8
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap15: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:3c:64
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap16: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:c1
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap17: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:00:20:25
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap18: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:f6
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap19: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:00:45:55
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap20: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:f2
    groups: tap
    media: Ethernet 1000baseT <full-duplex>
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 8039
lo1: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 10.10.0.1 netmask 0xffffff00
    inet 10.10.0.2 netmask 0xffffffff
    inet 10.10.0.3 netmask 0xffffffff
    inet 10.10.0.4 netmask 0xffffffff
    inet 10.10.0.6 netmask 0xffffffff
    inet 10.10.0.7 netmask 0xffffffff
    inet 10.10.0.8 netmask 0xffffffff
    inet 10.10.0.9 netmask 0xffffffff
    inet 10.10.0.10 netmask 0xffffffff
    inet 10.10.0.11 netmask 0xffffffff
    inet 10.10.0.12 netmask 0xffffffff
    inet 10.10.0.5 netmask 0xffffff00
    inet6 fe80::1%lo1 prefixlen 64 scopeid 0x19
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ue0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8000b<RXCSUM,TXCSUM,VLAN_MTU,LINKSTATE>

    media: Ethernet autoselect (none)
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
bridge2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=0

    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
    groups: bridge
    nd6 options=9<PERFORMNUD,IFDISABLED>
 
someone correct me if im wrong

but i think ext_if is when you have 2 network interfaces on your machine
when you are building a gateway

i have removed a lot of extra stuff from my pf.conf
that might confuse you

i added your em0 network interface
and set nat from the jail out to the internet

i think you might have to use the int_if with the port forwarding to the jail
just looking at that

make a copy of your current pf.conf
to the current directory

Code:
cp /etc/pf.conf .

edit your pf.conf

Code:
/etc/pf.conf

replace the contents of the file with the following code

Code:
#=========================================================================#
# variables, macro and tables                                             #
#=========================================================================#

int_if="em0" # em0 interface
all_networks="0.0.0.0/0"
icmp_types = "{ echoreq, unreach }"
tcp_state="flags S/SA keep state"
udp_state="keep state"

#=========================================================================#
# global policy                                                           #
#=========================================================================#

set block-policy drop
set loginterface $int_if
set fingerprints "/etc/pf.os"
set skip on lo0
scrub in all fragment reassemble no-df max-mss 1440
# nat jail
nat on $int_if from {lo1:network} to any -> ($int_if)
# port
#rdr pass inet proto tcp from any to port 5037 -> 192.168.1.2 port 5037 # change 192.168.1.2 to jails ip
# antispoof
antispoof log quick for { lo $int_if } label "block_spoofing"

#=========================================================================#
# block                                                                   #
#=========================================================================#

block log all # block log all
block return out quick inet6 all tag IPV6 # block ipv6
block in quick inet6 all tag IPV6 # block ipv6

#=========================================================================#
# traffic tag                                                             #
#=========================================================================#

# icmp
pass inet proto icmp all icmp-type $icmp_types keep state tag ICMP

# outbound traffic
block out on $int_if all
pass out quick on $int_if all modulate state

check the rules work by reloading them

Flush all NAT, filter, state, and table rules and reload /etc/pf.conf.

Code:
sudo pfctl -F all -f /etc/pf.conf

then enter the jail and run ping

start the jail if its not running

Code:
sudo service jail onestart noble

enter the jail

Code:
sudo jexec noble /bin/bash

test ping is working

Code:
ping google.com

if its not working you can try restarting the following services

Code:
sudo service pf restart
sudo service netif restart

once thats working we can look at forwarding ports

if you have it working the following might not be needed

the next bit of code is just a guess on my part

you will see it commented out in the above pf.conf
try uncommenting the line below in the pf.conf

and change 192.168.1.2 to the jails ip address

Code:
# port
#rdr pass inet proto tcp from any to port 5037 -> 192.168.1.2 port 5037 # change 192.168.1.2 to jails ip

and reload the pf rules

Code:
sudo pfctl -F all -f /etc/pf.conf
 
it seems it is working :

Code:
# sudo pfctl -F all -f /etc/pf.conf
[root@marietto /compat]==> ./start-noble-bash
 
Stopping jails: noble.
Starting jails: noble.

root@noble:/# ping google.com

ping: WARNING: setsockopt(ICMP_FILTER): Protocol not available
PING google.com (216.58.209.46) 56(84) bytes of data.
64 bytes from mil07s12-in-f14.1e100.net (216.58.209.46): icmp_seq=1 ttl=114 time=16.2 ms
64 bytes from mil07s12-in-f14.1e100.net (216.58.209.46): icmp_seq=2 ttl=114 time=16.5 ms
64 bytes from mil07s12-in-f14.1e100.net (216.58.209.46): icmp_seq=3 ttl=114 time=16.7 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 16.202/16.470/16.715/0.210 ms
 
so have you got ping working with the pf.conf i gave you

i just updated the post above
to try adding port forwarding

how can I know what's the jail IP number? it does not want to show it:

Code:
root@noble:/# ifconfig
bridge: error fetching interface information: Invalid argument

nano /etc/jail.conf.d/noble.conf

Code:
# network
    ip4.addr="lo1|10.10.0.5/24";

maybe it is 10.10.0.5 ?
 
using 10.10.0.5 it does not work :

Code:
root@noble:/# adb connect 192.168.1.2:5555
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
** daemon still not running
error: cannot connect to daemon
 
I suppose that the IP address 10.x is wrong? because it is an internal IP to the jail, but it should be 192.168 and something?

nano /etc/jail.conf.d/noble.conf

Code:
ip4.addr="lo1|10.10.0.5/24"
 
like i said a total guess
from this page


not even sure if rdr works with just one interface

i think it may be used to redirect from one interface to another
like ext_if to int_if

best bet is read the man page for pf.conf

Code:
man pf.conf

and search on google
 
Code:
[root@marietto /home/marietto]==> jls
   JID  IP Address      Hostname                      Path
    14  10.10.0.5       noble                         /mnt/da2p2/Backup/compat/noble
 
so maybe try changing the ip address in the pf.conf

Code:
rdr pass inet proto tcp from any to port 5037 -> 10.10.0.5 port 5037

Code:
sudo pfctl -F all -f /etc/pf.conf
 
added the following new rules

Code:
rdr pass on $int_if proto tcp from any to any port 5037 -> 10.10.0.5 port 5037

Code:
# allow port 5037 to the jail
pass in on $int_if proto tcp from any to 10.10.0.5 port 5037

edit your pf.conf

Code:
/etc/pf.conf

and replace the contents with this new config

Code:
#=========================================================================#
# variables, macro and tables                                             #
#=========================================================================#

int_if="em0" # em0 interface
all_networks="0.0.0.0/0"
icmp_types = "{ echoreq, unreach }"
tcp_state="flags S/SA keep state"
udp_state="keep state"

#=========================================================================#
# global policy                                                           #
#=========================================================================#

set block-policy drop
set loginterface $int_if
set fingerprints "/etc/pf.os"
set skip on lo0
scrub in all fragment reassemble no-df max-mss 1440
# nat jail
nat on $int_if from {lo1:network} to any -> ($int_if)
# forward port
rdr pass on $int_if proto tcp from any to any port 5037 -> 10.10.0.5 port 5037
# antispoof
antispoof log quick for { lo $int_if } label "block_spoofing"

#=========================================================================#
# block                                                                   #
#=========================================================================#

block log all # block log all
block return out quick inet6 all tag IPV6 # block ipv6
block in quick inet6 all tag IPV6 # block ipv6

#=========================================================================#
# traffic tag                                                             #
#=========================================================================#

# allow port 5037 to the jail
pass in on $int_if proto tcp from any to 10.10.0.5 port 5037

# icmp
pass inet proto icmp all icmp-type $icmp_types keep state tag ICMP

# outbound traffic
block out on $int_if all
pass out quick on $int_if all modulate state

reload the pf.conf

Code:
sudo pfctl -F all -f /etc/pf.conf

check if pf forwarding is working

Code:
sudo pfctl -sr

use sockstat

Code:
sudo sockstat -l | grep 5037

see if that works
 
i wasnt getting any search results from google

my dad keeps saying i should try using chatgpt
so i thought id see what it came up with

using the following prompt

forward port 5037 with pf on freebsd from the host to a jail with an ip address of 10.10.0.5
 
Code:
[root@marietto /home/marietto]==> sudo pfctl -sr

scrub in all no-df max-mss 1440 fragment reassemble
block drop in log quick on ! lo inet6 from ::1 to any label "block_spoofing"
block drop in log quick on ! lo inet from 127.0.0.0/8 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.0/24 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.2 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.3 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.4 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.5 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.6 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.7 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.8 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.9 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.10 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.11 to any label "block_spoofing"
block drop in log quick on ! lo inet from 10.10.0.12 to any label "block_spoofing"
block drop in log quick inet6 from ::1 to any label "block_spoofing"
block drop in log quick on lo0 inet6 from fe80::1 to any label "block_spoofing"
block drop in log quick inet from 127.0.0.1 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.1 to any label "block_spoofing"
block drop in log quick on lo1 inet6 from fe80::1 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.2 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.3 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.4 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.5 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.6 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.7 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.8 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.9 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.10 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.11 to any label "block_spoofing"
block drop in log quick inet from 10.10.0.12 to any label "block_spoofing"
block drop in log quick on ! em0 inet from 192.168.1.0/24 to any label "block_spoofing"
block drop in log quick inet from 192.168.1.5 to any label "block_spoofing"
block drop log all
block return out quick inet6 all tag IPV6
block drop in quick inet6 all tag IPV6
pass in on em0 inet proto tcp from any to 10.10.0.5 port = 5037 flags S/SA keep state
pass inet proto icmp all icmp-type echoreq keep state tag ICMP
pass inet proto icmp all icmp-type unreach keep state tag ICMP
block drop out on em0 all
pass out quick on em0 all flags S/SA modulate state

[root@marietto /home/marietto]==> sudo sockstat -l | grep 5037
[root@marietto /home/marietto]==> nothing
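
Added example, not part of the original posts: the `ps ax` listing earlier in the thread and the empty `sockstat -l | grep 5037` result above show processes and listeners, not whether anything answers the ADB host protocol on tcp:5037. This Python probe sends the `host:version` request that the adb client sends to its server and reports whether the port is refused, unreachable, silent, or ACKs with `OKAY`; `fake_server` and its replies are constructed stand-ins so the block runs offline.

```python
import socket
import threading

ADB_PORT = 5037  # server port from the thread's "starting it now on port 5037"


def encode_request(service):
    """ADB host request framing: 4 hex digits of length, then the ASCII payload."""
    payload = service.encode("ascii")
    return b"%04x" % len(payload) + payload


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return buf


def probe_adb_server(host="127.0.0.1", port=ADB_PORT, timeout=2.0):
    """Ask for host:version and classify the outcome.

    Returns ("ok", version_int), ("refused", msg), ("unreachable", msg)
    or ("no-ack", msg) when something accepts the connection but does not
    answer like an ADB server.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing is listening on %s:%d" % (host, port))
    except OSError as exc:  # timeout, no route, dropped by a firewall, ...
        return ("unreachable", str(exc))
    with sock:
        try:
            sock.sendall(encode_request("host:version"))
            status = _recv_exact(sock, 4)
            if status != b"OKAY":
                return ("no-ack", "unexpected status %r" % status)
            length = int(_recv_exact(sock, 4), 16)
            return ("ok", int(_recv_exact(sock, length), 16))
        except (OSError, ValueError) as exc:
            return ("no-ack", "connected but no valid reply: %s" % exc)


def fake_server(reply):
    """Constructed stand-in for an ADB server: serves one connection with `reply`.

    Returns the ephemeral loopback port it listens on.
    """
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def serve():
        conn, _ = listener.accept()
        with conn:
            conn.recv(64)  # swallow the request
            conn.sendall(reply)
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]


if __name__ == "__main__":
    # Constructed replies: version 0x0029 (41), then a peer that never answers.
    print(probe_adb_server(port=fake_server(b"OKAY00040029")))
    print(probe_adb_server(port=fake_server(b"")))
    # Real check: run in the same environment as the client (e.g. inside the jail).
    print(probe_adb_server())
```

Pointed at the host's em0 address from another machine, the same probe shows whether an `rdr ... from any to any port 5037` rule has made the ADB server reachable from the LAN. That matters because the ADB host protocol on port 5037 has no client authentication.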
 
>my dad keeps saying i should try using chatgpt
>so i thought id see what it came up with
>using the following prompt
>forward port 5037 with pf on freebsd from the host to a jail with an ip address of 10.10.0.5

good idea....
 
but are you sure that the port should be 5037 ? because I use adb like this :

Code:
# adb connect 192.168.1.2:5555

where 192.168.1.2 is the IP of my phone that is connected to the same WAN via Wi-Fi (if I issue that command directly on FreeBSD, it sticks).
 
in your first post you had

Code:
* daemon not running. starting it now on port 5037 *

i thought that was the port you were trying to forward
if not change it
 
>in your first post you had
>
>Code:
>* daemon not running. starting it now on port 5037 *
>
>i thought that was the port you were trying to forward
>if not change it

yeah, it switches to 5037 as soon as I press ENTER. Maybe it's a good idea to choose an interval: from 5037 to 5555...
 
change the port 5037 below to whatever port you need

Code:
rdr pass on $int_if proto tcp from any to any port 5037 -> 10.10.0.5 port 5037

and

change the port 5037 below to whatever port you need

Code:
# allow port 5037 to the jail
pass in on $int_if proto tcp from any to 10.10.0.5 port 5037
 
>yeah, it switches to 5037 as soon as I press ENTER. Maybe it's a good idea to choose an interval: from 5037 to 5555...

it sounded like it connects to the android device on port 5555
and the daemon is running on port 5037 on your computer

unless i have that wrong
 