strange routing (?) issues with a jail
tsuraan at gmail.com
Thu Sep 29 06:51:08 PDT 2005
On 28/09/05, Glenn Dawson <glenn at antimatter.net> wrote:
> At 04:08 PM 9/28/2005, tsuraan wrote:
> >I have a freebsd 5.3 machine, with a jailed off machine running in it.
> > Let's call them host and slave (they have seperate IP addresses and
> >hostnames). Within the slave, I have sshd and apache running. In the
> >host, I just have sshd running. From within the slave machine, I can
> >connect to localhost ports 80 and 22, with the expected results. From
> >within the host machine, I can connect to the slave's ports 80 and 22
> >correctly as well. From outside that machine, I can only connect to
> >port 22 on the slave. Attempts to connect to port 80 on the slave
> >time out.
> >The slave is running apache version 1.33+modssl from ports. I have it
> >configured with a basic vhosting setup, and it seems to work perfectly
> >from within the physical machine the jail is running on. Pf is
> >totally disabled, and it's a fresh install with no strange services
> >running or unnecessary packages installed. Can anyone give a hint as
> >to why someone external would be unable to connect to port 80, but
> >able to connect to port 22?
> Are the IP's for the host and the jail on the same network? A look
> at the relevant portions of rc.conf from both the host and the jail
> would be most helpful in troubleshooting the problem.
The rc.conf for the host looks like this:
inetd_flags="-wW -a 192.168.240.104"
#ifconfig_fxp0="inet 192.168.240.104 netmask 255.255.127.0"
ifconfig_fxp0_alias0="inet 192.168.240.224 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 192.168.240.225 netmask 255.255.255.255"
And the jail looks like this:
> You'll also want to make sure that sshd in the host is being told to
> listen only to it's IP. If you don't and there's no sshd running in
> the jail, you'll get a connection to the host instead of the jail.
When I log into the jail through ssh from an external computer, I am
logging in to the correct machine:
my-box:~ $ ssh 192.168.240.104
host:~ $ hostname
my-box:~ $ ssh 192.168.240.224
But if I try to telnet to port 80 on the slave, it only works from the
my-box:~ $ telnet 192.168.240.224 80
telnet: connect to address 192.168.240.224: Operation timed out
telnet: Unable to connect to remote host
host:~ $ telnet 192.168.240.224 80
Connected to 224-240-168-192.domain.dom.
Escape character is '^]'.
So, apache is clearly running, but not answering to external queries.
Running ifconfig from within the jail gives me:
$ ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.240.224 netmask 0xffffff00 broadcast 192.168.240.255
media: Ethernet autoselect (100baseTX <full-duplex>)
And I can ping google from within the jail, and that works. So, any ideas?
More information about the freebsd-questions