From: Ian Smith
To: "Scheithauer, Lars (FH)"
Cc: freebsd-jail@freebsd.org, Bastien Semene
Date: Fri, 20 Nov 2009 18:49:10 +1100 (EST)
Subject: Re: AW: AW: Problem with Apache in Jail
Message-ID: <20091120180647.A65262@sola.nimnet.asn.au>
In-Reply-To: <26040005B7F3AA41A0345BCE386CA09701C62A98@FHCLUSRV-EX.dcs.fh-heidelberg.de>

On Fri, 20 Nov 2009, Scheithauer, Lars (FH) wrote:
> Hi Bastien,
>
> I've set up the jail after this guide[1] of the FreeBSD handbook.

I'm only replying to this suspecting it may not be a jail issue, but
perhaps more likely a DNS issue, as Miroslav was earlier pointing to?

> A firewall is not active (yet), since I first wanted the jail to work.
>
> If I telnet to the server from the inside (DNS and IP), I can get a
> valid response. If I telnet to the server's IP from the outside, too.
> However, as soon as I try to get the files of a specific hostname, I
> get a timeout (more specifically, I can connect to the server, but it
> won't give any single packet back, according to wireshark).

So are you sure that (from outside your environment) the vhost hostname
resolves to its IP address ok? Does it have a unique public IP address?
If so, does reverse resolution of that address point to that hostname?

From (right) outside your net, does that IP address respond to pings?
By IP address as well as by hostname?

Does your apache config specify name-based and/or IP-based virtual
hosts? There can lurk some dragons ..

> I don't get the problem and honestly don't know where to look
> anymore. If it would be an apache config problem, it should not work
> from the inside, too. If it's a jail problem, I don't know what else
> to activate (even tried to allow raw sockets). The problem is also
> persistent with the apache20-installation.

If this is a jail issue I've no idea at all, but if the DNS results
obtained from inside and outside your network perimeter differ, that may
explain some of what you're seeing. I guess an outside DNS query
followed by an attempted HTTP connect tracked on tcpdump, perhaps in
verbose packet-display mode (eg -nXs0) should provide more solid clues?

> For the logfiles: I do get an entry, if I get something back from the
> server. If I don't get anything back from the server, I don't get an
> entry.

Make sure that you're logging both the vhost concerned and the 'default'
config used if no vhost entry is satisfied, perhaps you'll see something
there? I specify error.log to catch any of these during vhost setup.

You may need to share more of your apache configuration in the hope that
someone may spot something, once you confirm there are no DNS issues.

Just some ideas ..

cheers, Ian
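
The inside/outside DNS comparison suggested in the message above, as an added example that is not part of the original post or written by its author. The script name, hostname, resolver addresses, interface name and the verdict strings are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed example: hostnames, resolver addresses and interface are placeholders.

# A records for hostname $2 as answered by resolver $1, one per line, sorted.
lookup_a() {
    dig +short @"$1" "$2" A | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort
}

# First PTR name for address $2 as answered by resolver $1, no trailing dot.
lookup_ptr() {
    dig +short @"$1" -x "$2" | head -n 1 | sed 's/\.$//'
}

# classify_views HOST INSIDE_A OUTSIDE_A OUTSIDE_PTR
# Prints one verdict; returns non-zero unless everything matches.
classify_views() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    ptr=$(printf '%s' "$4" | tr 'A-Z' 'a-z')
    if [ -z "$3" ]; then
        echo "outside-unresolved"; return 1
    elif [ "$2" != "$3" ]; then
        echo "split-view"; return 1
    elif [ "$ptr" != "$host" ]; then
        echo "ptr-mismatch"; return 1
    fi
    echo "consistent"
}

# check_vhost HOST INSIDE_RESOLVER OUTSIDE_RESOLVER
check_vhost() {
    in_a=$(lookup_a "$2" "$1")
    out_a=$(lookup_a "$3" "$1")
    first=$(printf '%s\n' "$out_a" | head -n 1)
    out_ptr=""
    [ -n "$first" ] && out_ptr=$(lookup_ptr "$3" "$first")
    echo "inside:  ${in_a:-none}"
    echo "outside: ${out_a:-none} (PTR ${out_ptr:-none})"
    classify_views "$1" "$in_a" "$out_a" "$out_ptr"
}

# Run only when called with all three arguments, e.g.
#   sh dnsviews.sh www.example.org 192.168.1.1 198.51.100.53
# then watch the request itself on the jail host (em0 is an assumed interface):
#   tcpdump -nXs0 -i em0 host 192.0.2.10 and tcp port 80
if [ "$#" -eq 3 ]; then
    check_vhost "$@"
fi
```

A "split-view" verdict means the two resolvers hand out different addresses for the vhost name; "ptr-mismatch" only reports that reverse resolution names a different host, which is worth knowing but not necessarily a fault.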