From owner-freebsd-questions  Mon Sep  3 23:36:49 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from unix-fu.org (cc796063-d.union1.nj.home.com [65.15.105.168])
	by hub.freebsd.org (Postfix) with SMTP id D92F537B408
	for <freebsd-questions@freebsd.org>; Mon,  3 Sep 2001 23:36:42 -0700 (PDT)
Received: (qmail 88098 invoked by uid 1001); 4 Sep 2001 06:41:05 -0000
Date: 4 Sep 2001 06:41:05 -0000
Message-ID: <20010904064105.88097.qmail@unix-fu.org>
From: chris@unix-fu.org
To: freebsd-questions@freebsd.org
Subject: Jail/Apache issue
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi folks,

	I went ahead and followed the manual in the handbook for creating a jail and threw Apaache in there. I have a private network set up which includes my workstation which also has a public interface. Now that that's all known, onto the issues. Below is a tiny diagram of how things are set up: (the public ip's have been replaced with fictional numbers for security purposes as these machines are still in development)


	     NAT Machine: Public IP-1: 4.4.4.3 Public IP-2: 4.4.4.5 Private IP: 10.44.45.1

              |						   |			 	  |
              |------------------[Switch]------------------|------------------------------|
              |               			  	   |				  |
              |			                           |  			 	  |
         Webserver-1: 				  Workstation: (win2k)           Webserver-2: (using NAT machine as gateway/fw)
	 Public IP: 4.4.4.6  			  Public IP: 4.4.4.7		 Private IP: 10.44.34.17
	 Private IP: 10.44.45.10		  Private IP: 10.44.45.16	 Jail IP: 10.44.34.72


Basically, the way I had it configured was to forward port 80 connections from the NAT machine's second public IP to Webserver-2's Jail IP. I tried to access it from my workstation, and nothing happened. So I sniffed the traffic. It was going from my workstation's public IP to webserver-2's Jail IP. I can however reach the webserver from other networks. Next issue, is with Apache and name-based virtual hosts. For some reason, regardless of the address typed in, the main server's DocumentRoot is reached. Here is the section in my Apache config for Virtual hosts:


NameVirtualHost 4.4.4.5
    
<VirtualHost domain1.com>
    ServerAdmin webmaster@domain1.com
    DocumentRoot "/usr/local/apache/domain1.com"
    
<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>
<Directory "/usr/local/apache/domain1.com">   
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

    ServerName www.domain1.com
    ErrorLog /usr/local/apache/logs/domain1-error_log
    CustomLog /usr/local/apache/domain1-access_log combined
</VirtualHost>

<VirtualHost domain2.com>
    ServerAdmin webmaster@domain2.com
    DocumentRoot "/usr/local/apache/domain2.com"
    ServerName www.domain2.com
    ErrorLog /usr/local/apache/logs/domain2/error_log
    CustomLog /usr/local/apache/logs/domain2/access_log combined
</VirtualHost>

I'm basically lost for ideas right now. I'm hoping someone can spot an error or have some idea of what I could be doing wrong. I've also tested against my old chroot configuration, and the webserver works. However, I still cannot get to the site via http from my workstation. I'm using IPNAT/IPF. Any information is greatly appreciated.

	Thanks,

Chris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message