Two NIC's inside a Jail
Chris Kiakas
chris at tellme3times.com
Fri Mar 23 20:23:32 UTC 2018
Hi,
Sorry that I am coming to the conversation a little late. I have several systems which run with multiple IP connections where the jail responds to multiple IPs.
I set /etc/rc.conf to just control the IPs of the host. As an example:
ifconfig_igb1="inet AAA.AAA.AAA.1 netmask 255.255.255.0"
defaultrouter="AAA.AAA.AAA.1"
ifconfig_igb2="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_igb4="up"
ifconfig_igb5="up"
ifconfig_igb6="up"
ifconfig_igb7="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto lacp laggport igb4 laggport igb5 laggport igb6 laggport igb7 192.168.12.14/24"
The jail is then set with its jail.conf file as such:
jailname {
host.hostname = "jailname";
ip4.addr = "igb1|AAA.AAA.AAA.2/24";
ip4.addr += "igb2|192.168.10.21/24";
ip4.addr += "lagg0|192.168.12.32/24";
path = "/usr/jail/jailname";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail.jailname.console.log";
mount.devfs;
}
My interfaces are igb#; yours are em0.
Apache is set to listen to:
Listen *:80
If the Apache setup is not complex it should just work on all IPs. If you are running vhosts you will need to specify ServerName and/or ServerAliases in Apache.
If the jail requires a different gateway than the defaultrouter then you will need to set up fibs.
Chris
> On Mar 23, 2018, at 3:17 PM, joerg_surmann <joerg_surmann at elektropost.org> wrote:
>
> Hi,
>
> thanks for your help.
>
> I can't find a solution.
>
> But I have found a strange IP config.
>
> in rc.conf on Host (not jail)
>
> ifconfig_vmx0_alias1="inet 192.168.100.2 netmask 255.255.255.0"
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>
> ifconfig on host says:
> inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
> inet 192.168.100.2 netmask 0xffffffff broadcast 192.168.100.2
>
> ifconfig says /32 for both IPs.
>
> Maybe that's the reason Apache is unavailable.
>
> ifconfig inside the jail says the same.
>
> I'm a little bit confused.
>
>
>
> Am 23.03.2018 um 18:25 schrieb Marek Zarychta:
>> On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann wrote:
>>> Hi all,
>>>
>>> I have a problem understanding how to manage 2 networks inside a jail.
>>>
>>> I have created a jail (using ezjail) with an alias IP. In rc.conf (on
>>> Host):
>>>
>>> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
>>> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0" <-
>>> this is the jail ip
>>>
>>> Inside the jail, apache24 is running.
>>>
>>> Now I added a new NIC to the system. In rc.conf (on Host):
>>> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>>>
>>> In /usr/local/etc/ezjail/myjail.conf I added the new IP:
>>> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>>>
>>> Restart the jail and ifconfig looks fine. vmx0 -> inet 192.168.100.2
>>> em0 -> inet 213.70.80.92
>>>
>>> Apache listens on all NICs (<VirtualHost *:80>), but I can see my
>>> website only via 192.168.100.2 from the internal network.
>>>
>>> The host is behind a firewall. The IP 213.70.80.92 is enabled for
>>> incoming traffic.
>>>
>>> When I enter the hostname in a browser I get "connection timeout".
>>>
>>> What needs to be done so that the host is accessible from the Internet?
>>>
>> Hi Joerg,
>>
>> I guess your host has default gw reachable via vmx0 and second interface
>> em0 is connected and was reachable at least from firewall protecting
>> address 213.70.80.92? If it is true then you should add:
>>
>> to /usr/local/etc/ezjail/myjail.conf
>> export jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
>> export jail_myjail_fib="1"
>>
>> to /etc/rc.conf
>> static_routes="net_jails"
>> route_net_jails="default 213.70.80.x -fib 1"
>>
>> to /boot/loader.conf
>> net.fibs="2"
>>
>> Eventually take a look at setfib(1) and also consider migrating em
>> adapter to second vmx which should be faster and more flexible.
>>
>> IMHO this question should be asked rather on freebsd-net list than
>> here.
>
>
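Added example, not part of Chris's message or the rest of the thread: the FIB setup mentioned at the end of the reply, written in the same jail.conf style and using the loader.conf and rc.conf settings quoted from Marek. The gateway 192.168.10.254 and the route name jailgw are constructed for illustration, and it assumes the connected route for 192.168.10.0/24 is present in FIB 1 (sysctl net.add_addr_allfibs=1).

```conf
# /boot/loader.conf  (tunable from the thread; takes effect after a reboot)
net.fibs="2"

# /etc/rc.conf  (host addresses as in the reply above)
ifconfig_igb1="inet AAA.AAA.AAA.1 netmask 255.255.255.0"
ifconfig_igb2="inet 192.168.10.1 netmask 255.255.255.0"
# FIB 0 keeps the host's defaultrouter. FIB 1 gets its own default route.
# 192.168.10.254 is a constructed gateway address on the igb2 subnet.
static_routes="jailgw"
route_jailgw="default 192.168.10.254 -fib 1"

# /etc/jail.conf
jailname {
    host.hostname = "jailname";
    ip4.addr  = "igb1|AAA.AAA.AAA.2/24";
    ip4.addr += "igb2|192.168.10.21/24";
    exec.fib = 1;    # run the jail's processes against routing table 1
    path = "/usr/jail/jailname";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    mount.devfs;
}

# Check on the host after starting the jail:
#   setfib 1 netstat -rn -f inet     # default should be 192.168.10.254
#   jls -j jailname ip4.addr         # addresses the jail may bind
```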