Can't reach Jailed services from internet.
Mats A. Hansen
matsh at nanogene.org
Mon May 27 11:23:26 UTC 2013
On 2013-05-27 09:45, Mogamat Abrahams wrote:
> Hi,
>
> Got a 9.1 machine with two jails on it. webjail (IP=.79), mailjail (IP=.78).
> I can reach the jailed services from the host, reach the jails from each
> other, reach the internet from the jails and host, reach the host from the
> internet BUT I cannot reach the jails from the internet.
>
> I've used EZJAIL to set these up and assigned a public IP address to the
> jails. These IPs are also aliased to the em0 interface of the host (perhaps
> this is a problem?). I am assuming that the jails inherit the routing of the
> host.
>
> I've seen some posts stating that ports should be forwarded to the jails,
> but that would defeat the possibility of running duplicate services in
> separate jails on their own IPs. Like have 3 WWW servers on one host, each
> in its own jail.
>
> Some clues from the bigger brains would be appreciated :-)
>
> M
>
> ====================
> HOST ifconfig:
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
> ether 00:30:48:b0:57:9b
> inet 67.205.xx.xx netmask 0xffffffe0 broadcast 67.205.74.63
> inet 174.xx.xx.76 netmask 0xfffffffc broadcast 174.x.x.79
> inet 174.xx.xx.79 netmask 0xfffffffc broadcast 174.x.x.79
> inet 174.xx.xx.77 netmask 0xfffffffc broadcast 174.x.x.79
> inet 174.xx.xx.78 netmask 0xfffffffc broadcast 174.x.x.79
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> ------------
> Jail ifconfig:
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
> ether 00:30:48:b0:57:9b
> inet 174.x.x.79 netmask 0xffffffff broadcast 174.x.x.79
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
Hi
Any reason you are running your webjail on the broadcast IP for the
subnet? IP range for your 0xfffffffc net would be (.77|.78).
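
The subnet arithmetic behind the reply above, as an added example that is not part of the original messages: it parses FreeBSD-style `inet ... netmask 0x...` lines and flags aliases that sit on the network or broadcast address of their subnet. The sample addresses are constructed from the 192.0.2.0/24 documentation range in place of the redacted ones, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: laid out like the host ifconfig output in the thread,
# with documentation addresses standing in for the redacted ones.
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.76 netmask 0xfffffffc broadcast 192.0.2.79
    inet 192.0.2.79 netmask 0xfffffffc broadcast 192.0.2.79
    inet 192.0.2.77 netmask 0xfffffffc broadcast 192.0.2.79
    inet 192.0.2.78 netmask 0xfffffffc broadcast 192.0.2.79
    inet 192.0.2.10 netmask 0xffffffff broadcast 192.0.2.10
"""

INET_RE = re.compile(r"^\s*inet\s+(\S+)\s+netmask\s+(0x[0-9a-fA-F]{8})\b", re.M)


def network_for(addr, mask_hex):
    """Build the IPv4 network from an address and an ifconfig hex netmask."""
    mask = ipaddress.IPv4Address(int(mask_hex, 16))
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def classify_aliases(ifconfig_text):
    """Return (address, role) per inet line: 'network', 'broadcast' or 'host'."""
    out = []
    for addr_s, mask_hex in INET_RE.findall(ifconfig_text):
        addr = ipaddress.IPv4Address(addr_s)
        net = network_for(addr_s, mask_hex)
        if net.prefixlen >= 31:
            role = "host"  # /31 and /32 have no reserved addresses
        elif addr == net.network_address:
            role = "network"
        elif addr == net.broadcast_address:
            role = "broadcast"
        else:
            role = "host"
        out.append((addr_s, role))
    return out


def unusable_aliases(ifconfig_text):
    """Addresses that cannot serve as ordinary host addresses on their subnet."""
    return [a for a, role in classify_aliases(ifconfig_text) if role != "host"]


def usable_hosts(addr, mask_hex):
    """Assignable host addresses in the subnet that contains addr."""
    return [str(h) for h in network_for(addr, mask_hex).hosts()]


if __name__ == "__main__":
    for address, role in classify_aliases(SAMPLE_IFCONFIG):
        print(f"{address:<15} {role}")
    print("usable:", usable_hosts("192.0.2.79", "0xfffffffc"))
```

Feed it the host's ifconfig output: inside the jail the same alias is shown with netmask 0xffffffff, which hides the subnet it actually belongs to.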