Date: Mon, 27 May 2013 13:18:00 +0200
From: "Mats A. Hansen" <matsh@nanogene.org>
To: freebsd-jail@freebsd.org
Subject: Re: Cant reach Jailed services from internet.
Message-ID: <cc5f425486d0fc06e1ddc0a8cbe300ad@nanogene.org>
In-Reply-To: <loom.20130527T091739-282@post.gmane.org>
References: <loom.20130527T091739-282@post.gmane.org>

On 2013-05-27 09:45, Mogamat Abrahams wrote:
> Hi,
>
> Got a 9.1 machine with two jails on it. webjail (IP=.79),
> mailjail(IP=.78).
> I can reach the jailed services from the host, reach the jails from each
> other, reach the internet from the jails and host, reach the host from the
> internet BUT I cannot reach the jails from the internet.
>
> I've used EZJAIL to set these up and assigned a public IP address to the
> jails. These IP's are also aliased to the em0 interface of the host(perhaps
> this is a problem?). I am assuming that the jails inherit the routing of the
> host.
>
> I've seen some posts stating that ports should be forwarded to the jails,
> but that would defeat the possibility of running duplicate services in
> separate jails on their own ips. Like have 3 WWW servers on one host, each
> in its own jail.
>
> Some clues from the bigger brains would be appreciated :-)
>
> M
>
> ====================
> HOST ifconfig:
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
>         ether 00:30:48:b0:57:9b
>         inet 67.205.xx.xx netmask 0xffffffe0 broadcast 67.205.74.63
>         inet 174.xx.xx.76 netmask 0xfffffffc broadcast 174.x.x.79
>         inet 174.xx.xx.79 netmask 0xfffffffc broadcast 174.x.x.79
>         inet 174.xx.xx.77 netmask 0xfffffffc broadcast 174.x.x.79
>         inet 174.xx.xx.78 netmask 0xfffffffc broadcast 174.x.x.79
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> ------------
> Jail ifconfig:
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
>         ether 00:30:48:b0:57:9b
>         inet 174.x.x.79 netmask 0xffffffff broadcast 174.x.x.79
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

Hi

Any reason you are running your webjail on the broadcast IP for the subnet?
IP range for your 0xfffffffc net would be (.77|.78).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cc5f425486d0fc06e1ddc0a8cbe300ad>