Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 23 Mar 2018 16:07:26 +0100
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        Joerg Surmann <joerg_surmann@elektropost.org>, freebsd-current@freebsd.org
Subject:   Re: two NIC's in a jail
Message-ID:  <31fe7e04-4373-2454-aff5-0bd74b3f4b4e@quip.cz>
In-Reply-To: <63ecbccc-48e2-4c67-fbf5-0a73094f29be@elektropost.org>
References:  <63ecbccc-48e2-4c67-fbf5-0a73094f29be@elektropost.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Joerg Surmann wrote on 2018/03/23 13:49:
> Hi all,
> 
> I have a Problem to understund how to manage 2 Networks inside a Jail.
> 
> i have create a jail (using ezjail) with a alias IP.
> in rc.conf (on Host):
> 
> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0"  <- this
> is the jail ip
> 
> Inside the jail running apachhe24.
> 
> Now i add a new NIC to the System.
> in rc.conf (on Host):
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
> 
> in /usr/local/etc/ezjail/myjail.conf:
> i add the new ip
> export jail_myjail_ip="192.168.100.2,213.70.80.92"
> 
> Restart the jail and ifconfig looks fine.
> vmx0 -> inet 192.168.100.2
> em0  -> inet 213.70.80.92
> 
> Apache Listen on all NIC's (<VirtualHost *:80>)
> But i can see my Website only via 192.168.100.2 from intern Network.
> 
> The Host is behind a Firewall.
> The IP  213.70.80.92 is enabled for incomming Traffic.
> 
> When i give the Hostname in a Browser i become "connection Timeout".
> 
> What is to do that the Host is accessable from Inet?

Are you sure Apache is listening on both IPs?

What netstat says?

# netstat -an | egrep 'tcp4.*80 .*LISTEN'

Also check what you have in httpd.conf for Listen directive

# grep -i Listen /usr/local/etc/apache24/httpd.conf

I am not using ezjail, I am using jail.conf

costa {
         host.hostname   = "costa.example.com";
         ip4.addr        = AA.BB.CCC.DDD;
         ip4.addr       += 192.168.222.57;
}

Real IP was replaced with AA.BB.CCC.DDD

And it works. Services inside jail must be listening on both IPs or 
wildcard * (0.0.0.0)

And be sure to disable hosts services to listen on IPs and ports you 
want to be served from jail.

Miroslav Lachman

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?31fe7e04-4373-2454-aff5-0bd74b3f4b4e>