From: Marek Zarychta
To: Joerg Surmann
Cc: freebsd-stable@freebsd.org
Date: Fri, 23 Mar 2018 18:25:04 +0100
Subject: Re: Two NIC's inside a Jail
Message-ID: <20180323172504.GA55971@plan-b.pwste.edu.pl>
In-Reply-To: <785ce70f-3f2d-3422-0e95-146b05f7f768@elektropost.org>
List-Id: Production branch of FreeBSD source code

On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann wrote:
> Hi all,
>
> I have a problem understanding how to manage 2 networks inside a jail.
>
> I have created a jail (using ezjail) with an alias IP. In rc.conf (on
> host):
>
> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0"  <- this is the jail ip
>
> Inside the jail apache24 is running.
>
> Now I add a new NIC to the system. In rc.conf (on host):
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>
> In /usr/local/etc/ezjail/myjail.conf I add the new IP:
> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>
> Restart the jail and ifconfig looks fine.
> vmx0 -> inet 192.168.100.2
> em0  -> inet 213.70.80.92
>
> Apache listens on all NICs (). But I can see my
> website only via 192.168.100.2 from the internal network.
>
> The host is behind a firewall. The IP 213.70.80.92 is enabled for
> incoming traffic.
>
> When I enter the hostname in a browser I get "connection Timeout".
>
> What do I need to do so that the host is accessible from the Internet?
>

Hi Joerg,

I guess your host has its default gw reachable via vmx0, and the second
interface em0 is connected and was reachable at least from the firewall
protecting address 213.70.80.92? If that is true then you should add:

to /usr/local/etc/ezjail/myjail.conf

export jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
export jail_myjail_fib="1"

to /etc/rc.conf

static_routes="net_jails"
route_net_jails="default 213.70.80.x -fib 1"

to /boot/loader.conf

net.fibs="2"

Eventually take a look at setfib(1) and also consider migrating the em
adapter to a second vmx, which should be faster and more flexible.

IMHO these questions should be asked on the freebsd-net list rather than
here.

-- 
Marek Zarychta
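
The three settings in the reply above depend on each other: the jail's FIB number must exist (net.fibs) and must have its own default route. The sh script below is an added example, not part of the original message and not ezjail's own code; it cross-checks the three files' contents. The jail name "web", the addresses and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Cross-checks the three
# settings the reply lists: jail FIB, net.fibs, and a default route per FIB.

# Print the value of KEY="value" (with or without "export") read from stdin.
get_val() {
    sed -e 's/^[[:space:]]*export[[:space:]]*//' |
        sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" | tail -n 1
}

# check_fib_setup JAIL EZJAIL_TEXT RCCONF_TEXT LOADER_TEXT
# Prints one line per problem; return status is the number of problems.
check_fib_setup() {
    jail=$1 ezjail=$2 rcconf=$3 loader=$4 problems=0
    fib=$(printf '%s\n' "$ezjail" | get_val "jail_${jail}_fib")
    fibs=$(printf '%s\n' "$loader" | get_val "net.fibs")
    case $fib in
        0) return 0 ;;  # FIB 0 is the host's own table; nothing extra needed
        ''|*[!0-9]*) echo "jail_${jail}_fib is missing or not numeric"; return 1 ;;
    esac
    case $fibs in
        ''|*[!0-9]*) fibs=1 ;;  # kernel default: one routing table (FIB 0)
    esac
    if [ "$fib" -ge "$fibs" ]; then
        echo "FIB $fib needs net.fibs >= $((fib + 1)) in loader.conf (have $fibs)"
        problems=$((problems + 1))
    fi
    found=no
    for name in $(printf '%s\n' "$rcconf" | get_val static_routes); do
        route=$(printf '%s\n' "$rcconf" | get_val "route_${name}")
        case " $route " in
            *" default "*" -fib $fib "*) found=yes ;;
        esac
    done
    if [ "$found" = no ]; then
        echo "no default route with -fib $fib is listed in static_routes"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample contents: hypothetical jail "web", documentation addresses.
EZJAIL_CONF='export jail_web_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|203.0.113.10"
export jail_web_fib="1"'
RC_CONF='static_routes="net_jails"
route_net_jails="default 203.0.113.1 -fib 1"'
LOADER_CONF='net.fibs="2"'

check_fib_setup web "$EZJAIL_CONF" "$RC_CONF" "$LOADER_CONF" &&
    echo "FIB configuration is consistent"
```

On a live host the same facts can be read with sysctl net.fibs and setfib 1 netstat -rn, once the files agree and the machine has been rebooted for the loader.conf change.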