From: Miroslav Lachman <000.fbsd@quip.cz>
To: Joerg Surmann, FreeBSD-Jail
Subject: Re: two NIC's in a jail
Date: Fri, 23 Mar 2018 17:41:00 +0100

Joerg Surmann wrote on 2018/03/23 17:14:

> tail -f /var/log/httpd-access.log
> 192.168.100.2 - - [23/Mar/2018:13:12:10 +0000] "OPTIONS * HTTP/1.0" 200 -
> 192.168.100.2 - - [23/Mar/2018:15:12:02 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:33:07 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:33:08 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:33:09 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:35:37 +0000] "GET / HTTP/1.1" 302 209
> 213.70.80.92 - - [23/Mar/2018:15:35:44 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:35:45 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:35:46 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:58:05 +0000] "GET / HTTP/1.1" 302 209

How did you make the request from 213.70.80.92? Was it made from localhost
where Apache runs?

> jls -v
>    JID  Hostname                      Path
>         Name                          State
>         CPUSetID
>         IP Address(es)
>
>      2  apache24                      /usr/jails/apache24
>         apache24                      ACTIVE
>         3
>         192.168.100.2
>         213.70.80.92

Looks good

> jls -s
>
> devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable jid=2
> name=apache24 osreldate=1101001 osrelease=11.1-RELEASE
> path=/usr/jails/apache24 nopersist securelevel=-1 sysvmsg=disable
> sysvsem=disable sysvshm=disable allow.nochflags allow.mount
> allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs
> allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs
> allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.raw_sockets
> allow.noset_hostname allow.nosocket_af allow.nosysvipc children.max=0
> host.domainname="" host.hostid=0 host.hostname=apache24
> host.hostuuid=00000000-0000-0000-0000-000000000000

This is strange.
You have ip4=disable ip6=disable. My jails have "ip4=new ip6=disable".
And you don't have ip4.addr at all. I have ip4.addr=172.16.16.2, for example.

Miroslav Lachman

> On 23.03.2018 at 16:58, Miroslav Lachman wrote:
>> Joerg Surmann wrote on 2018/03/23 16:45:
>>> Thanks for the reply.
>>>
>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>> says:
>>> netstat: kvm not available: /dev/mem No such file or directory <- is
>>> inside a jail.
>>> tcp4    0        0 *.80        *.*        LISTEN
>>>
>>> grep -i Listen /usr/local/etc/apache24/httpd.conf
>>>
>>> Listen 80
>>> Listen 443
>>>
>>> From the internal IP there is no problem.
>>> You are right. I'm not sure on which IPs Apache is listening.
>>>
>>> I have changed the Listen directive to the external IP in httpd.conf
>>> Listen 213.70.80.92:80
>>>
>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>> now says:
>>> tcp4    0        0  213.70.80.92:80        *.*        LISTEN
>>>
>>> But Apache is not available from the Internet.
>>> From the intranet... no problem.
>>>
>>> When I use tcpdump on the host I can see traffic.
>>>
>>> What's wrong?
>>
>> That's strange.
>>
>> Listen 80 and Listen 443 is OK, it is the same as
>>   Listen *:80
>>   Listen *:443
>> and as you see with netstat, Apache was listening on both IPs:
>>  *.80        *.*        LISTEN
>>
>> Do you have something listening on port 80 on the host?
>>
>> What does netstat show on the host?
>>
>> Also check the Apache log files. If you didn't configure a virtual host,
>> then you have just these two log files:
>> /var/log/httpd-access.log
>> /var/log/httpd-error.log
>>
>> Use tail and then try to access your website from the internet
>>
>> # tail -f /var/log/httpd-*.log
>>
>> Please send what "jls -v" on the host shows. (There should be
>> 2 IPs for your jail.) Or "jls -s" (replace any sensitive information
>> if you want).
>>
>> And move this discussion to the proper mailing list:
>> freebsd-jail@FreeBSD.org
>>
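
Added example, not part of the original thread: a small sh/awk check that reads `jls -s` output and reports, per jail, the two things compared in the reply above, the ip4 mode and whether ip4.addr is set. It also handles ip4=inherit, which the thread does not mention; the jail names "web" and "empty" and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: audit `jls -s` output for the IPv4 parameters compared above.
# Assumes one jail per line, space-separated name=value pairs, and ip4.addr
# given as a comma-separated list. Quoted values containing spaces are not
# handled; none of the parameters checked here take such values.

check_jls_params() {
    awk '{
        name = "?"; ip4 = ""; addr = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue          # flag-style params, e.g. allow.raw_sockets
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "name") name = val
            else if (key == "ip4") ip4 = val
            else if (key == "ip4.addr") addr = val
        }
        if (ip4 == "disable")
            printf "%s: ip4=disable, jail cannot use IPv4\n", name
        else if (ip4 == "inherit")
            printf "%s: ip4=inherit, all host addresses visible\n", name
        else if (addr == "")
            printf "%s: ip4=%s but no ip4.addr set\n", name, ip4
        else
            printf "%s: ok, %d IPv4 address(es): %s\n", name, split(addr, parts, ","), addr
    }'
}

# Constructed sample input: the first line is abbreviated from the output
# quoted in the thread, the other two jails are invented for contrast.
sample_jls_output() {
    cat <<'EOF'
devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable jid=2 name=apache24 path=/usr/jails/apache24 allow.raw_sockets
devfs_ruleset=4 enforce_statfs=2 host=new ip4=new ip6=disable jid=3 name=web ip4.addr=172.16.16.2,172.16.16.3 path=/usr/jails/web
devfs_ruleset=4 enforce_statfs=2 host=new ip4=new ip6=disable jid=4 name=empty path=/usr/jails/empty
EOF
}

sample_jls_output | check_jls_params
```

On a real host the same function can be fed directly with `jls -s | check_jls_params`.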