From: Chris Kiakas
Subject: Re: Two NIC's inside a Jail
Date: Fri, 23 Mar 2018 16:14:27 -0400
To: joerg_surmann
Cc: Marek Zarychta, freebsd-stable@freebsd.org, freebsd-current@freebsd.org

Hi,

Sorry
that I am coming to the conversation a little late. I have several
systems which run with multiple IP connections where the jail responds
to multiple IPs.

I set /etc/rc.conf to just control the IPs of the host. As an example:

ifconfig_igb1="inet AAA.AAA.AAA.1 netmask 255.255.255.0"
defaultrouter="AAA.AAA.AAA.1"
ifconfig_igb2="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_igb4="UP"
ifconfig_igb5="UP"
ifconfig_igb6="UP"
ifconfig_igb7="UP"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto lacp laggport igb4 laggport igb5 laggport igb6 laggport igb7 192.168.12.14/24"

The jail is then set with its jail.conf file as such:

jailname {
    host.hostname = "jailname";
    ip4.addr = "igb1|AAA.AAA.AAA.2/24";
    ip4.addr += "igb2|192.168.10.21/24";
    ip4.addr += "lagg0|192.168.12.32/24";
    path = "/usr/jail/jailname";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail.jailname.console.log";
    mount.devfs;
}

My interfaces are igb#; yours are em0.

Apache is set to listen to:

Listen :80

If the Apache setup is not complex it should just work on all IPs. If you
are running vhosts you will need to specify ServerName and/or
ServerAliases in apache.

If the jail requires a different gateway than the defaultrouter then you
will need to set up fibs.

Chris

> On Mar 23, 2018, at 3:17 PM, joerg_surmann wrote:
>
> Hi,
>
> thanks for your help.
>
> I can't find a solution.
>
> But I have found a strange IP config.
>
> in rc.conf on host (not jail)
>
> ifconfig_vmx0_alias1="inet 192.168.100.2 netmask 255.255.255.0"
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>
> ifconfig on host says:
> inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
> inet 192.168.100.2 netmask 0xffffffff broadcast 192.168.100.2
>
> ifconfig says /32 for both IPs.
>
> Maybe that's the reason Apache is unavailable.
>
> ifconfig inside the jail says the same.
>
> I'm a little bit confused.
>
>
>
> On 23.03.2018 at 18:25, Marek Zarychta wrote:
>> On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann wrote:
>>> Hi all,
>>>
>>> I have a problem understanding how to manage 2 networks inside a jail.
>>>
>>> I have created a jail (using ezjail) with an alias IP. In rc.conf (on
>>> host):
>>>
>>> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
>>> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0" <-
>>> this is the jail ip
>>>
>>> Inside the jail apache24 is running.
>>>
>>> Now I added a new NIC to the system. In rc.conf (on host):
>>> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>>>
>>> In /usr/local/etc/ezjail/myjail.conf I added the new IP:
>>> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>>>
>>> Restart the jail and ifconfig looks fine. vmx0 -> inet 192.168.100.2
>>> em0 -> inet 213.70.80.92
>>>
>>> Apache listens on all NICs () but I can see my
>>> website only via 192.168.100.2 from the internal network.
>>>
>>> The host is behind a firewall. The IP 213.70.80.92 is enabled for
>>> incoming traffic.
>>>
>>> When I enter the hostname in a browser I get "connection Timeout".
>>>
>>> What must be done so that the host is accessible from the Internet?
>>>
>> Hi Joerg,
>>
>> I guess your host has default gw reachable via vmx0 and second interface
>> em0 is connected and was reachable at least from firewall protecting
>> address 213.70.80.92?
>> If it is true then you should add:
>>
>> to /usr/local/etc/ezjail/myjail.conf
>> export jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
>> export jail_myjail_fib="1"
>>
>> to /etc/rc.conf
>> static_routes="net_jails"
>> route_net_jails="default 213.70.80.x -fib 1"
>>
>> to /boot/loader.conf
>> net.fibs="2"
>>
>> Eventually take a look at setfib(1) and also consider migrating em
>> adapter to second vmx which should be faster and more flexible.
>>
>> IMHO this questions should be asked rather on freebsd-net list than
>> here.
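
Added example, not part of the thread or written by its participants: a POSIX sh check for the situation Chris and Marek describe, listing the jail interfaces whose subnet does not contain the host's default gateway and which are therefore candidates for a separate FIB. The function names and the gateway 192.168.100.254 are assumptions; the interface|address pairs are the ones quoted in the thread.

```shell
#!/bin/sh
# Heuristic: replies from a jail address leave via the host's default route
# unless the jail runs in its own FIB. An address whose subnet does not
# contain the default gateway is the one that needs a FIB of its own.

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
    saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_net ADDR/PREFIX IP -> exit status 0 if IP lies inside ADDR/PREFIX
same_net() {
    addr=${1%/*}; prefix=${1#*/}
    mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))
    [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# needs_fib GATEWAY "if|addr/prefix" ...
# Prints the interfaces whose jail address is off the default gateway's subnet.
needs_fib() {
    gw=$1; shift
    out=""
    for entry in "$@"; do
        cidr=${entry#*|}
        same_net "$cidr" "$gw" || out="${out:+$out }${entry%%|*}"
    done
    echo "$out"
}

# Constructed input: the gateway is assumed, the addresses come from the thread.
needs_fib 192.168.100.254 'vmx0|192.168.100.2/24' 'em0|213.70.80.92/24'
```

For the addresses in the thread this prints em0, the interface Marek's reply moves into FIB 1 with its own default route.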