From: Eugene Grosbein
To: Grzegorz Junka, freebsd-net@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: A web server behind two gateways?
Date: Mon, 17 Jul 2017 18:33:39 +0700
Message-ID: <596CA093.6020508@grosbein.net>
List-Id: "Discussion about FreeBSD jail\(8\)"

On 16.07.2017 19:48, Grzegorz Junka wrote:

> Hello,
>
> I have a jail running a web server in LAN. There are two routers/WANs
> that can connect LAN to the internet. I enabled NAT and port forwarding
> to the web server on both routers.
>
> The problem is that the web server responds to requests only from one
> router at a time depending on the default gateway set on the jail's
> host. If the default gateway is set as router 1 then the web page can be
> opened only through WAN1 and vice versa.
>
> Can I configure either router/host/jail so that the web server sends the
> response back to the IP that sent the request packet rather than to the
> default gateway?

This is the job of the external NAT box to route translated replies to the right WAN
based on the external source IP address produced during translation of the reply.
The jail or internal NAT has nothing to do with the problem.
So, the solution depends on the kind of NAT you use.

> And a bonus question, how can I configure two jails so that each jail
> sends packets to a different gateway (which may or may not be the same
> as the jails' host's default gateway)?

Read "man jail" for the "vnet" feature.
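
The "vnet" pointer above, sketched as a jail.conf for two jails that each have their own network stack and their own default route. This is an added example, not part of the original message. It assumes a kernel with VIMAGE support and a host bridge0 that already contains the LAN interface; the jail names, paths and addresses are constructed placeholders.

```conf
# Added example: jail names, paths, interfaces and addresses are assumptions.
# Assumed host setup (outside this file): bridge0 already bridges the LAN NIC.

# Settings shared by both jails; ${id}, ${ip} and ${gw} are set per jail below.
exec.clean;
mount.devfs;
path = "/jails/${name}";
host.hostname = "${name}";

vnet;                                   # separate network stack per jail
vnet.interface = "epair${id}b";         # jail-side end of the epair

# Host side: create the epair and attach its "a" end to the LAN bridge.
exec.prestart  = "ifconfig epair${id} create up";
exec.prestart += "ifconfig bridge0 addm epair${id}a";

# Jail side: address the "b" end and install this jail's own default route.
exec.start     = "ifconfig lo0 127.0.0.1 up";
exec.start    += "ifconfig epair${id}b inet ${ip}/24 up";
exec.start    += "route add default ${gw}";
exec.start    += "/bin/sh /etc/rc";

exec.stop      = "/bin/sh /etc/rc.shutdown";
exec.poststop  = "ifconfig epair${id}a destroy";

# Each jail uses a different gateway, independent of the host's default route.
web1 { $id = "1"; $ip = "192.0.2.11"; $gw = "192.0.2.1"; }
web2 { $id = "2"; $ip = "192.0.2.12"; $gw = "192.0.2.2"; }
```

Because every vnet jail has its own routing table, `netstat -rn` run inside each jail shows which default route that jail actually uses.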