From: joerg_surmann
To: Marek Zarychta
Cc: freebsd-stable@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Two NIC's inside a Jail
Date: Fri, 23 Mar 2018 20:17:27 +0100

Hi,

thanks for your help.
I can't find a solution.
But I have found a strange IP config.

In rc.conf on the host (not the jail):

ifconfig_vmx0_alias1="inet 192.168.100.2 netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"

ifconfig on the host says:

inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
inet 192.168.100.2 netmask 0xffffffff broadcast 192.168.100.2

ifconfig says /32 for both IPs.
Maybe that's the reason Apache is unavailable.
ifconfig inside the jail says the same.

I'm a little bit confused.

On 23.03.2018 at 18:25, Marek Zarychta wrote:
> On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann wrote:
>> Hi all,
>>
>> I have a problem understanding how to manage 2 networks inside a jail.
>>
>> I have created a jail (using ezjail) with an alias IP. In rc.conf (on
>> host):
>>
>> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
>> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0" <-
>> this is the jail IP
>>
>> Inside the jail, apache24 is running.
>>
>> Now I add a new NIC to the system. In rc.conf (on host):
>> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>>
>> In /usr/local/etc/ezjail/myjail.conf I add the new IP:
>> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>>
>> Restart the jail and ifconfig looks fine.
>> vmx0 -> inet 192.168.100.2
>> em0  -> inet 213.70.80.92
>>
>> Apache listens on all NICs () but I can see my
>> website only via 192.168.100.2 from the internal network.
>>
>> The host is behind a firewall. The IP 213.70.80.92 is enabled for
>> incoming traffic.
>>
>> When I give the hostname in a browser I get "connection Timeout".
>>
>> What needs to be done so that the host is accessible from the Internet?
>>
> Hi Joerg,
>
> I guess your host has default gw reachable via vmx0 and second interface
> em0 is connected and was reachable at least from firewall protecting
> address 213.70.80.92? If it is true then you should add:
>
> to /usr/local/etc/ezjail/myjail.conf
> export jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
> export jail_myjail_fib="1"
>
> to /etc/rc.conf
> static_routes="net_jails"
> route_net_jails="default 213.70.80.x -fib 1"
>
> to /boot/loader.conf
> net.fibs="2"
>
> Eventually take a look at setfib(1) and also consider migrating em
> adapter to second vmx which should be faster and more flexible.
>
> IMHO these questions should be asked rather on freebsd-net list than
> here.
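The routing situation Marek guesses at, and what a second FIB changes, modelled as an added example that is not part of the original thread. Assumptions: the gateway addresses (192.168.100.254 and 213.70.80.1, the latter standing in for the "213.70.80.x" in the reply), the client address 198.51.100.7, and interface routes being present in both FIBs are constructed for illustration.

```python
import ipaddress

# Constructed routing tables for the host in the thread: (prefix, interface, gateway).
# Gateway addresses are placeholders; the thread only gives "213.70.80.x".
FIBS = {
    0: [  # default FIB: default route leaves via vmx0 (Marek's guess)
        ("192.168.100.0/24", "vmx0", None),
        ("213.70.80.0/24", "em0", None),
        ("0.0.0.0/0", "vmx0", "192.168.100.254"),
    ],
    1: [  # FIB 1 as proposed in the reply: default route via the em0 network
        ("192.168.100.0/24", "vmx0", None),
        ("213.70.80.0/24", "em0", None),
        ("0.0.0.0/0", "em0", "213.70.80.1"),
    ],
}


def lookup(fib, dst):
    """Longest-prefix match of dst in one FIB; returns (interface, gateway)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname, gw in FIBS[fib]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname, gw)
    if best is None:
        raise LookupError(f"no route to {dst} in FIB {fib}")
    return best[1], best[2]


def reply_path(fib, local_ip, client_ip):
    """Where a reply from local_ip to client_ip leaves the host in this FIB."""
    egress, gw = lookup(fib, client_ip)
    local = ipaddress.ip_address(local_ip)
    # Interface that owns local_ip, found via its connected (gateway-less) route.
    owner = next(i for p, i, g in FIBS[fib]
                 if g is None and local in ipaddress.ip_network(p))
    return {"egress": egress, "gateway": gw, "symmetric": egress == owner}


if __name__ == "__main__":
    for fib in (0, 1):
        # Request arrived on em0 for 213.70.80.92 from an Internet client.
        print(fib, reply_path(fib, "213.70.80.92", "198.51.100.7"))
```

With the jail left in FIB 0, the reply to a request that arrived on em0 is routed out of vmx0; with the jail in FIB 1, it leaves via em0, while internal clients on 192.168.100.0/24 are still reached directly over vmx0.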