[Solved] Bastille, PF, /etc/hosts: total confusion...

Hi guys,

maybe pros don't need to ask such questions, but I am really confused...

I am trying to expose the jail to the internet and of course nothing works...
  1. I assume I did the DNS administration part right on the VPS side (Vultr.com).
  2. I assume GMID, the Gemini server, is properly set up.
  3. I used the following rules for PF, as in the Bastille "quick guide":
Code:
ext_if="vtnet0"
## Gmid related
gmid_addr=10.10.2.20

set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo

table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)

## Gmid Route
rdr pass inet proto tcp from any to port 1965 -> $gmid_addr port 1965

rdr-anchor "rdr/*"

block in all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state

Unfortunately the server is unreachable (it should be gemini://warp.geminispace.net)... I am wondering whether it is because I have to specify something in /etc/hosts, or simply because any monkey is better than me at copying and understanding documentation, who knows?

Any suggestion or recommendation is greatly appreciated, thanks!
 
SirDice

I see... I tested both cases and nothing works...

For the Gemini server I used an SRV domain; on DigitalOcean it worked fine...
 
SRV domain
You mean an SRV record?

Test it with drill <your dns name> SRV, which should return the SRV record you registered.

Are you supposed to create an SRV record? I'm not familiar with that Gemini stuff.
 
SirDice Yes, sorry...

Code:
drill warp.geminispace.net SRV
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6588
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; warp.geminispace.net.    IN    SRV

;; ANSWER SECTION:

;; AUTHORITY SECTION:
geminispace.net.    300    IN    SOA    ns1.vultr.com. dnsadm.choopa.com. 0 10800 3600 604800 3600

;; ADDITIONAL SECTION:

;; Query time: 93 msec
;; SERVER: 192.168.193.132
;; WHEN: Fri Jun  3 13:35:53 2022
;; MSG SIZE  rcvd: 101

Is it working?


Are you supposed to create an SRV record? I'm not familiar with that Gemini stuff.

Gemini should work over the TCP protocol and by default uses port 1965; on my previous VPS (D.O.) I enabled the server through the SRV records, otherwise I don't see any means to achieve it...
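An added example (not from this thread) that reads the output of drill <name> SRV, like the one quoted above, and tells a real SRV answer apart from a NODATA reply: rcode NOERROR with an empty ANSWER section and an SOA in AUTHORITY means the name exists but carries no SRV record, which is what the quoted output shows. Both samples are constructed; the successful one assumes the RFC 2782 _gemini._tcp.<host> naming, and diagnose_srv is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the drill output quoted in the thread:
# NOERROR, ANSWER: 0, and an SOA in AUTHORITY (a NODATA answer).
NODATA_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6588
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; warp.geminispace.net.    IN    SRV

;; ANSWER SECTION:

;; AUTHORITY SECTION:
geminispace.net.    300    IN    SOA    ns1.vultr.com. dnsadm.choopa.com. 0 10800 3600 604800 3600
"""

# Constructed sample of a successful lookup, assuming the RFC 2782
# _service._proto.name convention (hypothetical host names).
SRV_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 1
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; _gemini._tcp.example.net.    IN    SRV

;; ANSWER SECTION:
_gemini._tcp.example.net.    300    IN    SRV    0 5 1965 gemini.example.net.
"""

RCODE_RE = re.compile(r"rcode: (\w+)")
COUNTS_RE = re.compile(r"ANSWER: (\d+), AUTHORITY: (\d+)")
# name TTL IN SRV priority weight port target
SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$", re.M)


def diagnose_srv(drill_output):
    """Return (status, records) where records are (target, port, priority, weight)."""
    rcode = RCODE_RE.search(drill_output).group(1)
    answers, authority = map(int, COUNTS_RE.search(drill_output).groups())
    if rcode != "NOERROR":
        return rcode, []          # e.g. NXDOMAIN: the name itself does not exist
    if answers == 0:
        # Name exists but has no SRV record; the SOA in AUTHORITY is the
        # negative-caching marker for this (RFC 2308 NODATA).
        return "NODATA", []
    records = [(m.group(5).rstrip("."), int(m.group(4)), int(m.group(2)), int(m.group(3)))
               for m in SRV_RE.finditer(drill_output)]
    return "OK", records


if __name__ == "__main__":
    print(diagnose_srv(NODATA_OUTPUT))   # ('NODATA', [])
    print(diagnose_srv(SRV_OUTPUT))      # ('OK', [('gemini.example.net', 1965, 0, 5)])
```

A NODATA result means the PF rdr rule was never exercised: clients had no SRV record to follow, so the check belongs on the DNS side before looking at the firewall.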
 