From: Sami Halabi
Date: Mon, 17 Jul 2017 19:56:35 +0300
Subject: Re: A web server behind two gateways?
To: Eugene Grosbein
Cc: freebsd-net@freebsd.org, Grzegorz Junka, freebsd-jail@freebsd.org

Hi,

A simple solution I can think of is:

1. Launch the 1st jail with apache/nginx and the db (mysql?). Be sure to use a mysql address accessible via jail2 (maybe epair). This jail will use the default route, let's say wan1.
2. Launch a 2nd jail with vnet, default route wan2, mount the same data directories as jail1, and apache/nginx. Since the IP of the db is the internal IP between the jails, it'll connect to the 1st db.

This way you have 2 jails that share the same data dir but service users via different WANs behind NAT.

Hope the idea helps.

Sami

On 17 July 2017 02:34 PM, "Eugene Grosbein" wrote:

> On 16.07.2017 19:48, Grzegorz Junka wrote:
> > Hello,
> >
> > I have a jail running a web server in LAN. There are two routers/WANs
> > that can connect LAN to the internet. I enabled NAT and port forwarding
> > to the web server on both routers.
> >
> > The problem is that the web server responds to requests only from one
> > router at a time depending on the default gateway set on the jail's
> > host. If the default gateway is set as router 1 then the web page can be
> > opened only through WAN1 and vice versa.
> >
> > Can I configure either router/host/jail so that the web server sends the
> > response back to the IP that sent the request packet rather than to the
> > default gateway?
>
> This is the job of the external NAT box to route translated replies to the right WAN
> based on the external source IP address produced during translation of the
> reply.
> The jail or internal NAT have nothing to do with the problem.
>
> So, the solution depends on the kind of NAT you use.
>
> > And a bonus question, how can I configure two jails so that each jail
> > sends packets to a different gateway (which may or may not be the same
> > as the jails' host's default gateway)?
>
> Read "man jail" for "vnet" feature.
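
The two-jail layout suggested at the top of this message, written out as a jail.conf sketch. This is an added example, not configuration posted by anyone in the thread. The interface names (em0, bridge0, epair0), paths, hostnames, the 192.0.2.0/24 documentation addresses, the bridging of the epair to the LAN and the read-only mount in the second jail are all assumptions.

```conf
# /etc/jail.conf -- constructed example; every name and address is an assumption.
# Host: em0 on the LAN, default route via router 1 (192.0.2.1, WAN1).
# Router 2 (192.0.2.2, WAN2) forwards its web port to 192.0.2.12.
# The vnet jail needs a kernel built with VIMAGE.

exec.clean;
mount.devfs;
exec.stop = "/bin/sh /etc/rc.shutdown";

# Jail 1: shares the host's network stack, so its replies follow the host's
# default route (WAN1). Router 1 forwards its web port to 192.0.2.11.
# The database listens on 192.0.2.11 as well.
web1 {
    path = "/jails/web1";
    host.hostname = "web1.example.org";
    interface = "em0";
    ip4.addr = "192.0.2.11";
    mount = "/data/www /jails/web1/usr/local/www nullfs rw 0 0";
    exec.start = "/bin/sh /etc/rc";
}

# Jail 2: vnet gives it a private network stack and routing table.
web2 {
    path = "/jails/web2";
    host.hostname = "web2.example.org";
    vnet;
    vnet.interface = "epair0b";

    # Same data directory as web1, read-only so that only one jail
    # can modify the shared content.
    mount = "/data/www /jails/web2/usr/local/www nullfs ro 0 0";

    # Host side: create the epair pair and bridge its "a" end to the LAN.
    exec.prestart  = "/sbin/ifconfig epair0 create";
    exec.prestart += "/sbin/ifconfig epair0a up";
    exec.prestart += "/sbin/ifconfig bridge0 create addm em0 addm epair0a up";

    # Jail side: address the "b" end and send the default route to router 2.
    exec.start  = "/sbin/ifconfig epair0b inet 192.0.2.12/24 up";
    exec.start += "/sbin/route add default 192.0.2.2";
    exec.start += "/bin/sh /etc/rc";

    # Host side cleanup after the jail is removed.
    exec.poststop  = "/sbin/ifconfig bridge0 destroy";
    exec.poststop += "/sbin/ifconfig epair0a destroy";
}
```

With this layout the web server in web2 would be pointed at the database on 192.0.2.11, so the database has to accept connections on that address rather than only on localhost.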