Date: Fri, 23 Mar 2018 16:07:26 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Joerg Surmann <joerg_surmann@elektropost.org>, freebsd-current@freebsd.org
Subject: Re: two NIC's in a jail
Message-ID: <31fe7e04-4373-2454-aff5-0bd74b3f4b4e@quip.cz>
In-Reply-To: <63ecbccc-48e2-4c67-fbf5-0a73094f29be@elektropost.org>

Joerg Surmann wrote on 2018/03/23 13:49:
> Hi all,
>
> I have a problem understanding how to manage 2 networks inside a jail.
>
> I have created a jail (using ezjail) with an alias IP.
> In rc.conf (on host):
>
> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0" <- this
> is the jail ip
>
> Inside the jail, apache24 is running.
>
> Now I have added a new NIC to the system.
> In rc.conf (on host):
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>
> In /usr/local/etc/ezjail/myjail.conf
> I added the new IP:
> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>
> Restart the jail and ifconfig looks fine.
> vmx0 -> inet 192.168.100.2
> em0 -> inet 213.70.80.92
>
> Apache listens on all NICs (<VirtualHost *:80>)
> But I can see my website only via 192.168.100.2 from the internal network.
>
> The host is behind a firewall.
> The IP 213.70.80.92 is enabled for incoming traffic.
>
> When I enter the hostname in a browser I get "connection timeout".
>
> What do I need to do so that the host is accessible from the Internet?

Are you sure Apache is listening on both IPs?
What does netstat say?

# netstat -an | egrep 'tcp4.*80 .*LISTEN'

Also check what you have in httpd.conf for the Listen directive:

# grep -i Listen /usr/local/etc/apache24/httpd.conf

I am not using ezjail, I am using jail.conf:

costa {
    host.hostname = "costa.example.com";
    ip4.addr = AA.BB.CCC.DDD;
    ip4.addr += 192.168.222.57;
}

The real IP was replaced with AA.BB.CCC.DDD.

And it works. Services inside the jail must be listening on both IPs or
on the wildcard * (0.0.0.0).

And be sure to disable the host's services listening on the IPs and ports
you want to be served from the jail.

Miroslav Lachman
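
The listener check suggested in the reply above, as an added example that is not part of the original message: it reads FreeBSD-style `netstat -an` output and prints each jail IP that has no TCP listener on the given port, treating a `*.PORT` socket as covering every address. The function name and the sample netstat lines are constructed for illustration; the IPs are the ones from the question.

```shell
#!/bin/sh
# Added example: list jail IPs that nothing is listening on for a given port.
# Input (stdin): FreeBSD `netstat -an` lines, where column 4 is the local
# address written as IP.PORT and "*.PORT" is the wildcard (0.0.0.0).
# uncovered_ips is a hypothetical helper name, not an ezjail or jail(8) tool.
uncovered_ips() {
    port=$1; shift
    awk -v port="$port" -v ips="$*" '
        $1 == "tcp4" && $NF == "LISTEN" {
            n = split($4, part, "[.]")
            if (part[n] != port) next
            # Strip the trailing ".PORT" to get the bound address.
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            listening[addr] = 1
        }
        END {
            if ("*" in listening) exit      # wildcard covers every address
            m = split(ips, want, " ")
            for (i = 1; i <= m; i++)
                if (!(want[i] in listening)) print want[i]
        }'
}

# Constructed sample: httpd bound only to the internal address.
SAMPLE_ONE_IP='tcp4       0      0 192.168.100.2.80       *.*                    LISTEN
tcp4       0      0 192.168.100.2.22       *.*                    LISTEN'

# Constructed sample: httpd bound to the wildcard.
SAMPLE_WILDCARD='tcp4       0      0 *.80                   *.*                    LISTEN'

# Prints the address that would time out from outside: 213.70.80.92
printf '%s\n' "$SAMPLE_ONE_IP" | uncovered_ips 80 192.168.100.2 213.70.80.92
```

On a live system the same function can be fed from `netstat -an` run inside the jail; running it on the host with the jail's IPs shows whether any socket at all is bound there, including host services that should not be.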
