two NIC's in a jail
Miroslav Lachman
000.fbsd at quip.cz
Fri Mar 23 15:07:30 UTC 2018
Joerg Surmann wrote on 2018/03/23 13:49:
> Hi all,
>
> I have a problem understanding how to manage 2 networks inside a jail.
>
> I have created a jail (using ezjail) with an alias IP.
> in rc.conf (on Host):
>
> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0" <- this is the jail ip
>
> Inside the jail, apache24 is running.
>
> Now I add a new NIC to the system.
> in rc.conf (on Host):
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>
> in /usr/local/etc/ezjail/myjail.conf:
> I add the new IP
> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>
> Restart the jail and ifconfig looks fine.
> vmx0 -> inet 192.168.100.2
> em0 -> inet 213.70.80.92
>
> Apache listens on all NICs (<VirtualHost *:80>)
> But I can see my website only via 192.168.100.2 from the internal network.
>
> The Host is behind a Firewall.
> The IP 213.70.80.92 is enabled for incoming traffic.
>
> When I give the hostname in a browser I get "connection timeout".
>
> What do I need to do so that the host is accessible from the Internet?
Are you sure Apache is listening on both IPs?
What does netstat say?
# netstat -an | egrep 'tcp4.*80 .*LISTEN'
Also check what you have in httpd.conf for the Listen directive:
# grep -i Listen /usr/local/etc/apache24/httpd.conf
I am not using ezjail, I am using jail.conf:
costa {
    host.hostname = "costa.example.com";
    ip4.addr = AA.BB.CCC.DDD;
    ip4.addr += 192.168.222.57;
}
The real IP was replaced with AA.BB.CCC.DDD.
And it works. Services inside the jail must be listening on both IPs or
on the wildcard * (0.0.0.0).
And be sure to stop the host's services from listening on the IPs and
ports you want to be served from the jail.
Miroslav Lachman
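
The netstat check suggested in the reply above can be scripted so that every jail IP is tested against the listener table in one pass. This is an added example, not code from the thread or from ezjail; the function names check_listeners and sample_netstat are hypothetical, the netstat excerpt is constructed, and the parser assumes the FreeBSD `netstat -an` layout (local address in column 4 as ADDR.PORT, "*" for a wildcard bind).

```sh
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Constructed `netstat -an` excerpt in FreeBSD format: httpd bound to one
# jail IP only, sshd on the wildcard address, another service on 8080.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.100.2.80       *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.8080         *.*                    LISTEN
EOF
}

# check_listeners PORT IP [IP...]   (netstat -an output on stdin)
# Prints one line per IP: "IP specific", "IP wildcard" or "IP MISSING".
# Returns 1 if any IP has no listener on PORT.
check_listeners() {
    port=$1; shift
    awk -v port="$port" -v ips="$*" '
        # Local address is column 4 as ADDR.PORT; "*" means wildcard bind.
        $1 ~ /^tcp4/ && $NF == "LISTEN" {
            n = split($4, p, "[.]")
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            listen[addr] = 1
        }
        END {
            missing = 0
            m = split(ips, ip, " ")
            for (i = 1; i <= m; i++) {
                if (ip[i] in listen)    print ip[i], "specific"
                else if ("*" in listen) print ip[i], "wildcard"
                else { print ip[i], "MISSING"; missing = 1 }
            }
            exit missing
        }'
}

# Stand-alone run against the constructed sample.
sample_netstat | check_listeners 80 192.168.100.2 213.70.80.92 ||
    echo "at least one jail IP has no listener on port 80"
```

Run with real data as `netstat -an | check_listeners 80 192.168.100.2 213.70.80.92`, once inside the jail and once on the host: on the host, any line other than MISSING for a jail IP points to a host service holding that address and port.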