From: Miroslav Lachman <000.fbsd@quip.cz>
To: Joerg Surmann, freebsd-current@freebsd.org
Subject: Re: two NIC's in a jail
Date: Fri, 23 Mar 2018 16:07:26 +0100

Joerg Surmann wrote on 2018/03/23 13:49:
> Hi all,
>
> I have a problem understanding how to manage 2 networks inside a jail.
>
> I have created a jail (using ezjail) with an alias IP.
> In rc.conf (on host):
>
> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0"  <- this is the jail IP
>
> Inside the jail, apache24 is running.
>
> Now I add a new NIC to the system.
> In rc.conf (on host):
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>
> In /usr/local/etc/ezjail/myjail.conf I add the new IP:
> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>
> Restart the jail and ifconfig looks fine.
> vmx0 -> inet 192.168.100.2
> em0  -> inet 213.70.80.92
>
> Apache listens on all NICs ()
> But I can see my website only via 192.168.100.2 from the internal network.
>
> The host is behind a firewall.
> The IP 213.70.80.92 is enabled for incoming traffic.
>
> When I enter the hostname in a browser I get "connection Timeout".
>
> What do I have to do so that the host is accessible from the Internet?

Are you sure Apache is listening on both IPs? What does netstat say?

    # netstat -an | egrep 'tcp4.*80 .*LISTEN'

Also check what you have in httpd.conf for the Listen directive:

    # grep -i Listen /usr/local/etc/apache24/httpd.conf

I am not using ezjail, I am using jail.conf:

    costa {
        host.hostname = "costa.example.com";
        ip4.addr = AA.BB.CCC.DDD;
        ip4.addr += 192.168.222.57;
    }

The real IP was replaced with AA.BB.CCC.DDD.

And it works.

Services inside the jail must be listening on both IPs or on the wildcard * (0.0.0.0).

And be sure to disable host services from listening on the IPs and ports you want to be served from the jail.

Miroslav Lachman
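
Added example, not part of the original message: a stricter form of the netstat check suggested above. It parses FreeBSD `netstat -an` output and prints every jail address that has no TCP listener on the given port, so that port 8080 or an address ending in .80 is not mistaken for a listener on port 80. The names `unserved_ips` and `sample_netstat` and the sample output are constructed for illustration; the two jail addresses are the ones from the quoted question.

```shell
#!/bin/sh
# Report which addresses have no TCP listener on a given port.
# Reads FreeBSD `netstat -an` output on stdin, where the local address
# column has the form ADDR.PORT (for example 192.168.100.2.80 or *.80).
# Usage inside the jail:
#   netstat -an | unserved_ips 80 192.168.100.2 213.70.80.92
unserved_ips() {
    port=$1; shift
    awk -v port="$port" -v ips="$*" '
        $1 ~ /^tcp4/ && $NF == "LISTEN" {
            # Split the local address at its last dot: address, then port.
            n = match($4, /\.[^.]+$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            p = substr($4, n + 1)
            if (p == port) seen[addr] = 1
        }
        END {
            # A wildcard bind covers every address assigned to the jail.
            if ("*" in seen) exit 0
            k = split(ips, want, " ")
            for (i = 1; i <= k; i++)
                if (!(want[i] in seen)) print want[i]
        }'
}

# Constructed sample: the web server is bound only to the internal address.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.100.2.80       *.*                    LISTEN
tcp4       0      0 192.168.100.2.8080     *.*                    LISTEN
tcp4       0      0 213.70.80.92.22        *.*                    LISTEN
tcp4       0      0 192.168.100.2.80       192.168.100.7.51512    ESTABLISHED
EOF
}
```

Empty output means every listed address is served on that port, either by an explicit bind or by the wildcard.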