From: tsuraan
Date: Thu, 29 Sep 2005 08:51:06 -0500
To: freebsd-questions@freebsd.org
Message-ID: <84fb38e305092906511280a7bc@mail.gmail.com>
In-Reply-To: <6.2.3.4.2.20050928201905.063cce00@cobalt.antimatter.net>
Subject: Re: strange routing (?) issues with a jail

On 28/09/05, Glenn Dawson wrote:
> At 04:08 PM 9/28/2005, tsuraan wrote:
> >I have a freebsd 5.3 machine, with a jailed off machine running in it.
> >Let's call them host and slave (they have separate IP addresses and
> >hostnames). Within the slave, I have sshd and apache running. In the
> >host, I just have sshd running. From within the slave machine, I can
> >connect to localhost ports 80 and 22, with the expected results. From
> >within the host machine, I can connect to the slave's ports 80 and 22
> >correctly as well. From outside that machine, I can only connect to
> >port 22 on the slave. Attempts to connect to port 80 on the slave
> >time out.
> >
> >The slave is running apache version 1.33+modssl from ports. I have it
> >configured with a basic vhosting setup, and it seems to work perfectly
> >from within the physical machine the jail is running on. Pf is
> >totally disabled, and it's a fresh install with no strange services
> >running or unnecessary packages installed. Can anyone give a hint as
> >to why someone external would be unable to connect to port 80, but
> >able to connect to port 22?
>
> Are the IP's for the host and the jail on the same network? A look
> at the relevant portions of rc.conf from both the host and the jail
> would be most helpful in troubleshooting the problem.
The rc.conf for the host looks like this:

hostname="host.domain.dom"
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.240.104"
rpcbind_enable="NO"
#ifconfig_fxp0="inet 192.168.240.104 netmask 255.255.127.0"
ifconfig_fxp0="DHCP"
ifconfig_fxp0_alias0="inet 192.168.240.224 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 192.168.240.225 netmask 255.255.255.255"
linux_enable="NO"
moused_enable="NO"
sshd_enable="YES"

And the jail looks like this:

rpcbind_enable="NO"
network_interfaces=""
sendmail_enable="NONE"
sshd_enable="YES"
apache_enable="YES"
apache_flags=""

> You'll also want to make sure that sshd in the host is being told to
> listen only to its IP. If you don't and there's no sshd running in
> the jail, you'll get a connection to the host instead of the jail.

When I log into the jail through ssh from an external computer, I am
logging in to the correct machine:

my-box:~ $ ssh 192.168.240.104
host:~ $ hostname
host
host:~ $
--
my-box:~ $ ssh 192.168.240.224
$ hostname
slave
$

But if I try to telnet to port 80 on the slave, it only works from the
host machine:

my-box:~ $ telnet 192.168.240.224 80
Trying 192.168.240.224
telnet: connect to address 192.168.240.224: Operation timed out
telnet: Unable to connect to remote host
--
host:~ $ telnet 192.168.240.224 80
Trying 192.168.240.224...
Connected to 224-240-168-192.domain.dom.
Escape character is '^]'.

So, apache is clearly running, but not answering to external queries.
Running ifconfig from within the jail gives me:

$ ifconfig fxp0
fxp0: flags=8843 mtu 1500
        options=8
        inet 192.168.240.224 netmask 0xffffff00 broadcast 192.168.240.255
        ether 00:0e:0c:4e:62:31
        media: Ethernet autoselect (100baseTX )
        status: active

And I can ping google from within the jail, and that works. So, any ideas?
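As an added example (not code from the thread or from FreeBSD), here is a POSIX sh script that turns the two configuration points the thread raises into checks a host admin can run: it lists TCP listeners bound to the wildcard address in `sockstat -4 -l` output (a host sshd bound that way answers for every alias, which is the misdirected login Glenn warns about), and it flags `ifconfig_*_aliasN` entries in rc.conf whose netmask is not 255.255.255.255, the mask ifconfig(8) wants for a second address on the same subnet. The function names are hypothetical and both inputs are constructed samples embedded in the script so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: two offline checks for the points the
# reply raises (host daemons bound to *:port, and jail aliases that are not
# a /32). Both functions take their input as a string argument.

# Constructed sample of `sockstat -4 -l` on the host (not real output).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       512   4  tcp4   *:22                  *:*
root     inetd      480   5  tcp4   192.168.240.104:21    *:*
www      httpd      701   16 tcp4   192.168.240.224:80    *:*'

# Constructed rc.conf fragment; alias1 deliberately carries the wrong mask.
SAMPLE_RCCONF='ifconfig_fxp0="DHCP"
ifconfig_fxp0_alias0="inet 192.168.240.224 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 192.168.240.225 netmask 255.255.255.0"'

# Print "COMMAND LOCAL_ADDRESS" for every TCP listener bound to *:port.
# Such a daemon on the host accepts connections aimed at any jail alias
# that has no listener of its own on that port.
wildcard_listeners() {
    printf '%s\n' "$1" | awk 'NR > 1 && $5 ~ /^tcp/ && $6 ~ /^\*:/ { print $2, $6 }'
}

# Print "variable address mask" for every ifconfig_*_aliasN line whose
# netmask is not 255.255.255.255.
non_host_mask_aliases() {
    printf '%s\n' "$1" | awk -F'"' '
        $1 ~ /^ifconfig_.*_alias[0-9]+=$/ {
            split($2, f, " ");   # f[1]=inet f[2]=address f[3]=netmask f[4]=mask
            if (f[4] != "255.255.255.255") {
                sub(/=$/, "", $1);
                print $1, f[2], f[4];
            }
        }'
}

# Stand-alone run: report findings on the constructed samples.
wildcard_listeners "$SAMPLE_SOCKSTAT"
non_host_mask_aliases "$SAMPLE_RCCONF"
```

On a real host, feed the functions `"$(sockstat -4 -l)"` and `"$(cat /etc/rc.conf)"` instead of the samples; a non-empty report from the first means a host daemon should get a ListenAddress or an equivalent bind setting.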