two NIC's in a jail

Miroslav Lachman 000.fbsd at quip.cz
Fri Mar 23 16:41:04 UTC 2018


Joerg Surmann wrote on 2018/03/23 17:14:
> tail -f /var/log/httpd-access.log
> 192.168.100.2 - - [23/Mar/2018:13:12:10 +0000] "OPTIONS * HTTP/1.0" 200 -
> 192.168.100.2 - - [23/Mar/2018:15:12:02 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:33:07 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:33:08 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:33:09 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:35:37 +0000] "GET / HTTP/1.1" 302 209
> 213.70.80.92 - - [23/Mar/2018:15:35:44 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:35:45 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:35:46 +0000] "OPTIONS * HTTP/1.0" 200 -
> 213.70.80.92 - - [23/Mar/2018:15:58:05 +0000] "GET / HTTP/1.1" 302 209

How did you do the request from 213.70.80.92? It was made from localhost 
where Apache runs?

> jls -v
>     JID  Hostname                      Path
>          Name                          State
>          CPUSetID
>          IP Address(es)
> 
>       2  apache24                      /usr/jails/apache24
>          apache24                      ACTIVE
>          3
>          192.168.100.2
>          213.70.80.92

Looks good

> jls -s
> 
> devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable jid=2 
> name=apache24 osreldate=1101001 osrelease=11.1-RELEASE 
> path=/usr/jails/apache24 nopersist securelevel=-1 sysvmsg=disable 
> sysvsem=disable sysvshm=disable allow.nochflags allow.mount 
> allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs 
> allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs 
> allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.raw_sockets 
> allow.noset_hostname allow.nosocket_af allow.nosysvipc children.max=0 
> host.domainname="" host.hostid=0 host.hostname=apache24 
> host.hostuuid=00000000-0000-0000-0000-000000000000

This is strange. You have ip4=disable ip6=disable. My jails have 
"ip4=new ip6=disable"
And you don't have ip4.addr at all. I have ip4.addr=172.16.16.2 for example

Miroslav Lachman


> On 23.03.2018 at 16:58, Miroslav Lachman wrote:
>> Joerg Surmann wrote on 2018/03/23 16:45:
>>> Thanks for the reply.
>>>
>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>> say:
>>> netstat: kvm not available: /dev/mem No such file or directory <- is
>>> inside a jail.
>>> tcp4    0        0 *.80        *.*        LISTEN
>>>
>>> grep -i Listen /usr/local/etc/apache24/httpd.conf
>>>
>>> Listen 80
>>> Listen 443
>>>
>>>  From the internal IP is no Problem.
>>> You are right. I'm not sure on which IPs Apache is listening.
>>>
>>> I have changed the Listen directive to the external IP in httpd.conf
>>> Listen 213.70.80.92:80
>>>
>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>> now say:
>>> tcp4    0        0  213.70.80.92:80        *.*        LISTEN
>>>
>>> But apache is not available from Internet.
>>>  From Intranet... no Problem.
>>>
>>> When i use tcpdump on Host i can see Traffic.
>>>
>>> What's wrong?
>>
>> That's strange.
>>
>> Listen 80 and Listen 443 is OK, it is the same as
>>   Listen *:80
>>   Listen *:443
>> and as you see with netstat, Apache was listening on both IPs:
>>  *.80        *.*        LISTEN
>>
>> Do you have something listening on port 80 in the Host?
>>
>> What netstat shows in the host?
>>
>> Also check Apache log files. If you didn't configure virtual host, 
>> then you have just these two log files:
>> /var/log/httpd-access.log
>> /var/log/httpd-error.log
>>
>> Use tail and then try to access your website from the internet
>>
>> # tail -f /var/log/httpd-*.log
>>
>> Please send what "jls -v" in the Host will show you. (there should be 
>> 2 IPs for your jail) or "jls -s"  (replace any sensitive information 
>> if you want)
>>
>> And move this discussion to proper mailing list:
>> freebsd-jail at FreeBSD.org
>>
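
Added example, not part of the original thread: a small shell check that reads `jls -s` output and reports, per jail, the two parameters the reply above singles out (the `ip4` mode and whether `ip4.addr` is set). The function names, the verdict labels and the sample lines (including the jail name `web2`) are constructed for illustration; on a real host the input would come from `jls -s`.

```sh
#!/bin/sh
# Added example: report the ip4 mode and ip4.addr of every jail in `jls -s`
# output (stdin, one jail per line). Exit status is 1 if any jail is flagged.
# Assumption: the values of name, ip4 and ip4.addr contain no spaces, so
# whitespace splitting is enough for these three keys.
check_jail_ip4() {
    awk '
    BEGIN { bad = 0 }
    NF == 0 { next }                        # skip blank lines
    {
        name = "?"; mode = "(unset)"; addr = "(none)"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue           # boolean such as allow.raw_sockets
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            if (key == "name") name = val
            else if (key == "ip4") mode = val
            else if (key == "ip4.addr" && val != "") addr = val
        }
        verdict = "ok"
        if (mode == "disable") verdict = "ip4-disabled"
        else if (mode == "new" && addr == "(none)") verdict = "no-ip4.addr"
        if (verdict != "ok") bad = 1
        printf "%s ip4=%s ip4.addr=%s %s\n", name, mode, addr, verdict
    }
    END { exit bad }
    '
}

# Constructed sample input: the first line is shortened from the output quoted
# in the thread, the second uses the ip4.addr value given in the reply.
sample_jls() {
    cat <<'EOF'
devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable jid=2 name=apache24 path=/usr/jails/apache24 allow.raw_sockets host.domainname=""
devfs_ruleset=0 enforce_statfs=2 host=new ip4=new ip4.addr=172.16.16.2 ip6=disable jid=3 name=web2 path=/usr/jails/web2 allow.noraw_sockets
EOF
}

# Real use on the host: jls -s | check_jail_ip4
sample_jls | check_jail_ip4 || echo "at least one jail needs a look"
```
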

