two NIC's in a jail

joerg_surmann joerg_surmann at elektropost.org
Fri Mar 23 19:12:52 UTC 2018


Hi,

Thanks for your help.

I can't find a solution.

But I have found a strange IP config.

In rc.conf on the host (not the jail):

ifconfig_vmx0_alias1="inet 192.168.100.2  netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"

ifconfig on the host says:
inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
inet 192.168.100.2  netmask 0xffffffff broadcast 192.168.100.2

ifconfig says /32 for both IPs.

Maybe that's the reason Apache is unavailable.

ifconfig inside the jail says the same.

I'm a little bit confused.

On 23.03.2018 at 17:41, Miroslav Lachman wrote:
> Joerg Surmann wrote on 2018/03/23 17:14:
>> tail -f /var/log/httpd-access.log
>> 192.168.100.2 - - [23/Mar/2018:13:12:10 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 192.168.100.2 - - [23/Mar/2018:15:12:02 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 213.70.80.92 - - [23/Mar/2018:15:33:07 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 213.70.80.92 - - [23/Mar/2018:15:33:08 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 213.70.80.92 - - [23/Mar/2018:15:33:09 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 213.70.80.92 - - [23/Mar/2018:15:35:37 +0000] "GET / HTTP/1.1" 302 209
>> 213.70.80.92 - - [23/Mar/2018:15:35:44 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 213.70.80.92 - - [23/Mar/2018:15:35:45 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 213.70.80.92 - - [23/Mar/2018:15:35:46 +0000] "OPTIONS * HTTP/1.0" 200 -
>> 213.70.80.92 - - [23/Mar/2018:15:58:05 +0000] "GET / HTTP/1.1" 302 209
>
> How did you do the request from 213.70.80.92? It was made from
> localhost where Apache runs?
>
>> jls -v
>>     JID  Hostname                      Path
>>          Name                          State
>>          CPUSetID
>>          IP Address(es)
>>
>>       2  apache24                      /usr/jails/apache24
>>          apache24                      ACTIVE
>>          3
>>          192.168.100.2
>>          213.70.80.92
>
> Looks good
>
>> jls -s
>>
>> devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable
>> jid=2 name=apache24 osreldate=1101001 osrelease=11.1-RELEASE
>> path=/usr/jails/apache24 nopersist securelevel=-1 sysvmsg=disable
>> sysvsem=disable sysvshm=disable allow.nochflags allow.mount
>> allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs
>> allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs
>> allow.mount.notmpfs allow.mount.nozfs allow.noquotas
>> allow.raw_sockets allow.noset_hostname allow.nosocket_af
>> allow.nosysvipc children.max=0 host.domainname="" host.hostid=0
>> host.hostname=apache24
>> host.hostuuid=00000000-0000-0000-0000-000000000000
>
> This is strange. You have ip4=disable ip6=disable. My jails have
> "ip4=new ip6=disable"
> And you don't have ip4.addr at all. I have ip4.addr=172.16.16.2 for
> example
>
> Miroslav Lachman
>
>
>> On 23.03.2018 at 16:58, Miroslav Lachman wrote:
>>> Joerg Surmann wrote on 2018/03/23 16:45:
>>>> Thanks for the reply.
>>>>
>>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>>> says:
>>>> netstat: kvm not available: /dev/mem No such file or directory <- is
>>>> inside a jail.
>>>> tcp4    0        0 *.80        *.*        LISTEN
>>>>
>>>> grep -i Listen /usr/local/etc/apache24/httpd.conf
>>>>
>>>> Listen 80
>>>> Listen 443
>>>>
>>>> From the internal IP there is no problem.
>>>> You are right. I'm not sure on which IPs Apache is listening.
>>>>
>>>> I have changed the Listen directive to the external IP in httpd.conf
>>>> Listen 213.70.80.92:80
>>>>
>>>> netstat -an | egrep 'tcp4.*80 .*LISTEN'
>>>> now says:
>>>> tcp4    0        0  213.70.80.92:80        *.*        LISTEN
>>>>
>>>> But Apache is not available from the Internet.
>>>> From the intranet... no problem.
>>>>
>>>> When I use tcpdump on the host I can see traffic.
>>>>
>>>> What's wrong?
>>>
>>> That's strange.
>>>
>>> Listen 80 and Listen 443 is OK, it is the same as
>>>   Listen *:80
>>>   Listen *:443
>>> and as you see with netstat, Apache was listening on both IPs:
>>>  *.80        *.*        LISTEN
>>>
>>> Do you have something listening on port 80 in the Host?
>>>
>>> What netstat shows in the host?
>>>
>>> Also check Apache log files. If you didn't configure virtual host,
>>> then you have just these two log files:
>>> /var/log/httpd-access.log
>>> /var/log/httpd-error.log
>>>
>>> Use tail and then try to access your website from the internet
>>>
>>> # tail -f /var/log/httpd-*.log
>>>
>>> Please send what "jls -v" in the Host will show you. (there should
>>> be 2 IPs for your jail) or "jls -s"  (replace any sensitive
>>> information if you want)
>>>
>>> And move this discussion to proper mailing list:
>>> freebsd-jail at FreeBSD.org
>>>
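
A check for the two things the reply above flags in the `jls -s` output (the `ip4` mode and whether `ip4.addr` is present), as an added example that is not part of the original thread. The function name and `SAMPLE_OK` are constructed; `SAMPLE_THREAD` is an abbreviated copy of the record quoted in the thread.

```shell
#!/bin/sh
# Added example: inspect one jail record in `jls -s` format (key=value pairs,
# possibly wrapped across lines, as in the mail) and report its IPv4 settings.
# On a host: jls -s -j apache24 | jail_ip4_report

# Reads one record on stdin, prints a one-line summary, and returns
# 0 when nothing stands out or 1 when the record deserves a closer look.
jail_ip4_report() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue          # bare flags such as allow.mount
                k = substr($i, 1, eq - 1)
                v = substr($i, eq + 1)
                if (k == "name")     name = v
                if (k == "ip4")      mode = v
                if (k == "ip4.addr") addr = v
            }
        }
        END {
            if (name == "") name = "?"
            if (mode == "") mode = "unset"
            if (addr == "") addr = "none"
            verdict = "ok"
            # jail(8) documents ip4 as inherit, new or disable.
            if (mode == "disable")
                verdict = "CHECK: IPv4 disabled for this jail"
            else if (mode == "new" && addr == "none")
                verdict = "CHECK: ip4=new but no ip4.addr"
            printf "%s ip4=%s ip4.addr=%s -> %s\n", name, mode, addr, verdict
            exit(verdict == "ok" ? 0 : 1)
        }'
}

# Abbreviated from the `jls -s` output quoted in the thread.
SAMPLE_THREAD='devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable
jid=2 name=apache24 osreldate=1101001 osrelease=11.1-RELEASE
path=/usr/jails/apache24 allow.raw_sockets host.hostname=apache24'

# Constructed record using the values the reply gives for a working jail.
SAMPLE_OK='host=new ip4=new ip4.addr=172.16.16.2 ip6=disable jid=1 name=example'

printf '%s\n' "$SAMPLE_THREAD" | jail_ip4_report || true
printf '%s\n' "$SAMPLE_OK"     | jail_ip4_report || true
```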

