Hey y'all (I posted this already to Reddit and didn't realize I could post it here: https://www.reddit.com/r/freebsd/comments/1g9scfc/help_with_a_natd_jail_running_dnsmasq/)
So I finally got a jail running on my main FreeBSD box. It’s taken me so long, but I did it. I created a pf.conf and got NAT working so I can install and get out to the internet.
I installed dnsmasq, and I can SSH into the box via a port forwarding rule from 2222 to 22 in the jail.
I thought I could just create another forward for 53 to 53 and be golden. It hasn’t worked, and I've gotten errors and timeouts constantly.
Does anyone have any notes on how to make something like this? Or maybe a tutorial? Or can I post a couple of errors here, and people can help me debug what these errors mean?
jail.conf
Code:
[root@tardis ~]# cat /etc/jail.conf.d/dnshole.conf
dnshole {
host.hostname = dnshole.tardis; # hostname
ip4.addr = "10.0.2.3/24"; # the only address this jail can bind to or be reached on, configured as an alias on lo1
interface = lo1;
path = "/usr/home/jails/dnshole"; # path to jail
devfs_ruleset = 2; # devfs ruleset
mount.devfs; # mount devfs inside
allow.raw_sockets=1; # lets jail processes open raw sockets (ping works, but so does crafting arbitrary packets); dnsmasq does not need it
exec.start = "/bin/sh /etc/rc"; # start command
exec.stop = "/bin/sh /etc/rc.shutdown"; # stop command
}
[root@tardis ~]#
pf.conf
Note: I have tried so many things I'm lost now
Code:
# Translation rules come first. pfctl rejects this line as posted: translation rules are
# first-match and take no "quick", and nat needs a "->" target. "(re0)" means whatever
# address re0 has at the time.
nat pass on re0 from 10.0.2.3 to any -> (re0)
#rdr pass quick on re0 from any to 10.0.2.3 port 53 -> 10.0.2.3 port 53
#nat on re0 from lo1:network to any -> (re0)
#rdr on re0 proto { tcp, udp } from any to 192.168.86.116 port 53 -> 10.0.2.3 port 53
#rdr on re0 proto tcp from any to 192.168.86.116 port 80 -> 10.0.2.3 port 80
# Both active rdr rules forward to 10.0.2.2; the dnshole jail above is 10.0.2.3.
rdr on re0 proto tcp from any to 192.168.86.116 port 9000 -> 10.0.2.2 port 9000
rdr on re0 proto tcp from any to 192.168.86.116 port 2222 -> 10.0.2.2 port 22
# Filter rules. There is no "block" rule, so whatever these do not match is passed anyway.
# No interface given: a packet arriving on re0 with a forged 10.0.2.x source also matches.
pass in quick from 10.0.2.0/24 to any keep state
pass out all keep state
dnsmasq.conf
Code:
# Never forward plain names (no dot) or reverse lookups for private ranges upstream.
domain-needed
bogus-priv
# Ignore /etc/resolv.conf; only the server= lines below are used as upstreams.
no-resolv
# Inside a jail with ip4.addr set, the wildcard can only become 10.0.2.3;
# bind-interfaces then binds exactly that address rather than the wildcard.
listen-address=0.0.0.0
bind-interfaces
no-hosts
cache-size=1000
# Every query goes to syslog: useful while debugging, noisy afterwards.
log-queries
conf-dir=/usr/local/etc/dnsmasq.conf.d/,*.conf
server=8.8.4.4
# IPv6 upstream, but the jail has no ip6.addr, so this server can never be reached from inside it.
server=2001:4860:4860::8844
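The configuration the post is trying to reach, written out as an added example; it is not the poster's file and not taken from any FreeBSD or dnsmasq documentation. It keeps the names and addresses from the post (re0, lo1, 10.0.2.3, 10.0.2.2, 192.168.86.116, the dnshole jail) and assumes dnshole is the jail that should receive port 53. The macro names, `set skip on lo0`, the anti-spoof `block` rule, binding the jail pass rule to lo1, and the explicit `listen-address` are assumptions of this example, not something the post shows.

```conf
# /etc/pf.conf  (example, not the poster's file; addresses and interfaces from the post)
ext_if   = "re0"
jail_if  = "lo1"
jail_net = "10.0.2.0/24"
dns_jail = "10.0.2.3"        # dnshole: ip4.addr in its jail.conf
ssh_jail = "10.0.2.2"        # target of the poster's existing 2222 -> 22 rule

set skip on lo0

# Translation rules go before filter rules in this pf syntax and are first-match,
# so no "quick" here. "($ext_if)" is re-read when the LAN address changes (DHCP).
nat on $ext_if from $jail_net to any -> ($ext_if)

# DNS is UDP first and falls back to TCP for large answers: redirect both protocols.
# "rdr pass" adds the matching pass for the translated packet, so no separate
# "pass in ... to 10.0.2.3 port 53" rule is needed below.
rdr pass on $ext_if proto { tcp, udp } from any to ($ext_if) port 53 -> $dns_jail port 53
rdr pass on $ext_if proto tcp from any to ($ext_if) port 2222 -> $ssh_jail port 22

# Filter rules.
# Jail addresses never legitimately arrive on the LAN side: a packet on re0 claiming
# a 10.0.2.x source is spoofed and must not reach the jail-only pass rule below.
block drop in quick on $ext_if from $jail_net to any
# The poster's rule, restricted to the jail interface instead of every interface.
pass in quick on $jail_if from $jail_net to any keep state
pass out all keep state

# /usr/local/etc/dnsmasq.conf  (only the lines that change relative to the posted file)
# The jail's single address, stated explicitly instead of relying on the 0.0.0.0 rewrite.
listen-address=10.0.2.3
bind-interfaces
# The jail has no ip6.addr, so an IPv6 upstream is unreachable; stay on IPv4 until one is added.
server=8.8.4.4
#server=2001:4860:4860::8844

# Checks, run on the host unless noted:
#   pfctl -nf /etc/pf.conf             parse only; catches the missing "->" kind of error
#   pfctl -sn                          the translation rules actually loaded
#   sockstat -4l -j dnshole            dnsmasq must show 10.0.2.3:53 for both udp4 and tcp4
#   drill @192.168.86.116 freebsd.org  run from another LAN machine, so the query crosses re0
#   tcpdump -ni re0 port 53            shows whether the query arrives on re0 at all
```

The order of the checks matters: a syntax error from `pfctl -nf` means the running ruleset is whatever loaded last, not the file being edited, and if `sockstat` does not list a tcp4 socket on 10.0.2.3:53 the rdr for TCP has nothing to deliver to, which shows up as exactly the timeouts the post describes for answers too large for UDP.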