Date:      Sat, 24 Mar 2018 00:15:24 +0100
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        joerg_surmann <joerg_surmann@elektropost.org>, FreeBSD-Jail <freebsd-jail@FreeBSD.org>
Subject:   Re: two NIC's in a jail
Message-ID:  <a476aee4-2539-c013-3c37-b50161119288@quip.cz>
In-Reply-To: <2ad4c65f-6940-10fb-eccd-fa31a43a793a@elektropost.org>
References:  <63ecbccc-48e2-4c67-fbf5-0a73094f29be@elektropost.org> <31fe7e04-4373-2454-aff5-0bd74b3f4b4e@quip.cz> <bb02401b-e43b-7800-5a15-025636a2971f@elektropost.org> <5decebc0-0a77-69fd-4547-8a1665300890@quip.cz> <78112343-662e-7890-f5ee-668fda23b834@elektropost.org> <c6145b6c-e379-4c25-e7ba-1ce20ff89815@quip.cz> <2ad4c65f-6940-10fb-eccd-fa31a43a793a@elektropost.org>

joerg_surmann wrote on 2018/03/23 20:12:
> Hi,
> 
> Thanks for your help.
> 
> I can't find a solution.
> 
> But I have found a strange IP config.
> 
> In rc.conf on the host (not jail):
> 
> ifconfig_vmx0_alias1="inet 192.168.100.2  netmask 255.255.255.0"
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
> 
> ifconfig on the host says:
> inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
> inet 192.168.100.2  netmask 0xffffffff broadcast 192.168.100.2
> 
> ifconfig says /32 for both IPs.
> 
> Maybe that's the reason Apache is unavailable.
> 
> ifconfig inside the jail says the same.
> 
> I'm a little bit confused.

I think it can be a problem with your configuration of ezjail. I am not 
sure, but if I remember it well, if you set the IP for a jail in the ezjail 
configuration, it will be added to the network interface on startup and 
removed on stop of the jail.
So when you start the host you will have 192.168.100.2/24, but after jail 
start you will end up with 192.168.100.2/32.
Can you confirm this? (Reboot the machine with ezjail disabled in rc.conf.)

You need to configure ezjail to not manage IPs on interfaces.

Please post content of ezjail.conf and full conf of your jail.



> On 23.03.2018 at 17:41, Miroslav Lachman wrote:
>> Joerg Surmann wrote on 2018/03/23 17:14:
>>> tail -f /var/log/httpd-access.log
>>> 192.168.100.2 - - [23/Mar/2018:13:12:10 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 192.168.100.2 - - [23/Mar/2018:15:12:02 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 213.70.80.92 - - [23/Mar/2018:15:33:07 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 213.70.80.92 - - [23/Mar/2018:15:33:08 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 213.70.80.92 - - [23/Mar/2018:15:33:09 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 213.70.80.92 - - [23/Mar/2018:15:35:37 +0000] "GET / HTTP/1.1" 302 209
>>> 213.70.80.92 - - [23/Mar/2018:15:35:44 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 213.70.80.92 - - [23/Mar/2018:15:35:45 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 213.70.80.92 - - [23/Mar/2018:15:35:46 +0000] "OPTIONS * HTTP/1.0" 200 -
>>> 213.70.80.92 - - [23/Mar/2018:15:58:05 +0000] "GET / HTTP/1.1" 302 209
>>
>> How did you do the request from 213.70.80.92? It was made from
>> localhost where Apache runs?
>>
>>> jls -v
>>>      JID  Hostname                      Path
>>>           Name                          State
>>>           CPUSetID
>>>           IP Address(es)
>>>
>>>        2  apache24                      /usr/jails/apache24
>>>           apache24                      ACTIVE
>>>           3
>>>           192.168.100.2
>>>           213.70.80.92
>>
>> Looks good
>>
>>> jls -s
>>>
>>> devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable
>>> jid=2 name=apache24 osreldate=1101001 osrelease=11.1-RELEASE
>>> path=/usr/jails/apache24 nopersist securelevel=-1 sysvmsg=disable
>>> sysvsem=disable sysvshm=disable allow.nochflags allow.mount
>>> allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs
>>> allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs
>>> allow.mount.notmpfs allow.mount.nozfs allow.noquotas
>>> allow.raw_sockets allow.noset_hostname allow.nosocket_af
>>> allow.nosysvipc children.max=0 host.domainname="" host.hostid=0
>>> host.hostname=apache24
>>> host.hostuuid=00000000-0000-0000-0000-000000000000
>>
>> This is strange. You have ip4=disable ip6=disable. My jails have
>> "ip4=new ip6=disable"
>> And you don't have ip4.addr at all. I have ip4.addr=172.16.16.2 for
>> example
>>
>> Miroslav Lachman
>>
>>
>>> On 23.03.2018 at 16:58, Miroslav Lachman wrote:
>>>> Joerg Surmann wrote on 2018/03/23 16:45:
>>>>> Thanks for the reply.
>>>>>
>>>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>>>> says:
>>>>> netstat: kvm not available: /dev/mem No such file or directory <- is
>>>>> inside a jail.
>>>>> tcp4    0        0 *.80        *.*        LISTEN
>>>>>
>>>>> grep -i Listen /usr/local/etc/apache24/httpd.conf
>>>>>
>>>>> Listen 80
>>>>> Listen 443
>>>>>
>>>>> From the internal IP there is no problem.
>>>>> You are right. I'm not sure on which IPs Apache is listening.
>>>>>
>>>>> I have changed the Listen directive to the external IP in httpd.conf
>>>>> Listen 213.70.80.92:80
>>>>>
>>>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>>>> now says:
>>>>> tcp4    0        0  213.70.80.92:80        *.*        LISTEN
>>>>>
>>>>> But Apache is not available from the Internet.
>>>>> From the intranet... no problem.
>>>>>
>>>>> When I use tcpdump on the host I can see traffic.
>>>>>
>>>>> What's wrong?
>>>>
>>>> That's strange.
>>>>
>>>> Listen 80 and Listen 443 is OK, it is the same as
>>>>    Listen *:80
>>>>    Listen *:443
>>>> and as you see with netstat, Apache was listening on both IPs:
>>>>   *.80        *.*        LISTEN
>>>>
>>>> Do you have something listening on port 80 in the Host?
>>>>
>>>> What netstat shows in the host?
>>>>
>>>> Also check Apache log files. If you didn't configure virtual host,
>>>> then you have just these two log files:
>>>> /var/log/httpd-access.log
>>>> /var/log/httpd-error.log
>>>>
>>>> Use tail and then try to access your website from the internet
>>>>
>>>> # tail -f /var/log/httpd-*.log
>>>>
>>>> Please send what "jls -v" in the Host will show you. (there should
>>>> be 2 IPs for your jail) or "jls -s"  (replace any sensitive
>>>> information if you want)
>>>>
>>>> And move this discussion to proper mailing list:
>>>> freebsd-jail@FreeBSD.org
>>>>
> 
> 
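
Added example, not part of the original messages: a small sh/awk check for the drift discussed above, comparing the netmask declared in rc.conf with the one ifconfig reports for the same address. The function name netmask_drift is hypothetical, and the sample input is constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Constructed sample input, copied from the values quoted in the thread.
RC_CONF='ifconfig_vmx0_alias1="inet 192.168.100.2  netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"'

IFCONFIG_OUT='inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
inet 192.168.100.2  netmask 0xffffffff broadcast 192.168.100.2'

# netmask_drift RC_TEXT IFCONFIG_TEXT   (hypothetical helper name)
# Prints "ADDR configured=HEX live=HEX" for every IPv4 address whose live
# netmask differs from the one declared in rc.conf. Prints nothing if all match.
netmask_drift() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
    # Convert a dotted-quad mask to the 0x... form that FreeBSD ifconfig prints.
    function tohex(mask,   o, n) {
        n = split(mask, o, ".")
        if (n != 4) return mask
        return sprintf("0x%02x%02x%02x%02x", o[1], o[2], o[3], o[4])
    }
    /^---$/     { live = 1; next }   # separator: rc.conf above, ifconfig below
    /^[ \t]*#/  { next }             # skip commented-out rc.conf lines
    {
        gsub(/"/, " ")               # detach the quotes around rc.conf values
        addr = ""; mask = ""
        for (i = 1; i < NF; i++) {
            if ($i == "inet")    addr = $(i + 1)
            if ($i == "netmask") mask = $(i + 1)
        }
        if (addr == "" || mask == "") next
        if (!live) { want[addr] = tohex(mask); next }
        if ((addr in want) && want[addr] != mask)
            printf "%s configured=%s live=%s\n", addr, want[addr], mask
    }'
}

# Run against the sample; on a real host the arguments would be
# "$(cat /etc/rc.conf)" and "$(ifconfig)", once before and once after jail start.
netmask_drift "$RC_CONF" "$IFCONFIG_OUT"
```
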



