Can't reach Jailed services from internet.

Mats A. Hansen matsh at nanogene.org
Mon May 27 11:23:26 UTC 2013


On 2013-05-27 09:45, Mogamat Abrahams wrote:
> Hi,
> 
> Got a 9.1 machine with two jails on it.  webjail (IP=.79), mailjail(IP=.78).
> I can reach the jailed services from the host, reach the jails from each
> other, reach the internet from the jails and host, reach the host from the
> internet BUT I cannot reach the jails from the internet.
> 
> I've used EZJAIL to set these up and assigned a public IP address to the
> jails. These IPs are also aliased to the em0 interface of the host (perhaps
> this is a problem?). I am assuming that the jails inherit the routing of the
> host.
> 
> I've seen some posts stating that ports should be forwarded to the jails,
> but that would defeat the possibility of running duplicate services in
> separate jails on their own IPs. Like have 3 WWW servers on one host, each
> in its own jail.
> 
> Some clues from the bigger brains would be appreciated :-)
> 
> M
> 
> ====================
> HOST ifconfig:
> 
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
> ether 00:30:48:b0:57:9b
> inet 67.205.xx.xx netmask 0xffffffe0 broadcast 67.205.74.63
> inet 174.xx.xx.76 netmask 0xfffffffc broadcast 174.x.x.79
> inet 174.xx.xx.79 netmask 0xfffffffc broadcast 174.x.x.79
> inet 174.xx.xx.77 netmask 0xfffffffc broadcast 174.x.x.79
> inet 174.xx.xx.78 netmask 0xfffffffc broadcast 174.x.x.79
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> ------------
> Jail ifconfig:
> 
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
> ether 00:30:48:b0:57:9b
> inet 174.x.x.79 netmask 0xffffffff broadcast 174.x.x.79
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> 
> 
> 

Hi

Any reason you are running your webjail on the broadcast IP for the 
subnet? IP range for your 0xfffffffc net would be (.77|.78).
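
The subnet arithmetic behind the reply above, as an added example that is not part of the original thread: it parses FreeBSD-style `inet ... netmask 0x...` lines and flags addresses that are the network or broadcast address of their subnet. The sample text is constructed, with the masked octets from the post replaced by documentation addresses in 192.0.2.0/24, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: same layout as the em0 output quoted in the post, with
# the masked octets replaced by documentation addresses (192.0.2.0/24).
HOST_SAMPLE = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.76 netmask 0xfffffffc broadcast 192.0.2.79
    inet 192.0.2.79 netmask 0xfffffffc broadcast 192.0.2.79
    inet 192.0.2.77 netmask 0xfffffffc broadcast 192.0.2.79
    inet 192.0.2.78 netmask 0xfffffffc broadcast 192.0.2.79
"""
JAIL_SAMPLE = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.79 netmask 0xffffffff broadcast 192.0.2.79
"""

# FreeBSD ifconfig prints IPv4 netmasks as 8 hex digits.
INET_RE = re.compile(r"^\s*inet\s+(\S+)\s+netmask\s+(0x[0-9a-fA-F]{8})\b", re.M)


def _interface(addr, hexmask):
    """Build an IPv4Interface from an address and a hex netmask string."""
    mask = ipaddress.IPv4Address(int(hexmask, 16))
    return ipaddress.IPv4Interface(f"{addr}/{mask}")


def classify(addr, hexmask):
    """Return 'network', 'broadcast' or 'host' for addr under hexmask."""
    iface = _interface(addr, hexmask)
    net = iface.network
    if net.prefixlen >= 31:  # /31 and /32 have no network/broadcast address
        return "host"
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"


def usable_hosts(addr, hexmask):
    """Addresses in addr's subnet that can be assigned to a host or jail."""
    return [str(h) for h in _interface(addr, hexmask).network.hosts()]


def audit(ifconfig_text):
    """Classify every 'inet' line found in ifconfig output."""
    return [(a, classify(a, m)) for a, m in INET_RE.findall(ifconfig_text)]


if __name__ == "__main__":
    for label, text in (("host", HOST_SAMPLE), ("jail", JAIL_SAMPLE)):
        for addr, kind in audit(text):
            print(f"{label}: {addr} -> {kind}")
    print("usable:", usable_hosts("192.0.2.79", "0xfffffffc"))
```

Under the 0xffffffff mask shown inside the jail the same address classifies as an ordinary host, so the check has to be run against the host's `ifconfig` output, where the 0xfffffffc mask is visible.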

