On 7 March 2013 at 10:58, Boris Samorodov <[email protected]> wrote:
> 07.03.2013 12:48, Yoann Gini wrote:
>
>> I need to share this IP, I’ve only one and I would like to avoid playing
>> with NAT…
>
> One IP may be shared but for different services (ports).

That's what I’ve understood and what I’ve planned.

>> If someone has an idea…
>
> Give some more information:
> 1. OS version, OS arch.

FreeBSD srv0.public.example.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64

> 2. Jail configuration (at least one) from /etc and LOCALBASE/etc/ezjail.

What do you want in /etc? Except the fstab, I don’t see any config here. The fstab looks like this:

/home/jails/basejail /home/jails/front0.public.example.com/basejail nullfs ro 0 0
/usr/ports /home/jails/front0.public.example.com/usr/ports nullfs ro 0 0

And here is the ezjail config:

export jail_front0_public_example_com_hostname="front0.public.example.com"
export jail_front0_public_example_com_ip="IPv6Prefix::80,SharedIPv4,10.42.0.2"
export jail_front0_public_example_com_rootdir="/home/jails/front0.public.example.com"
export jail_front0_public_example_com_exec_start="/bin/sh /etc/rc"
export jail_front0_public_example_com_exec_stop=""
export jail_front0_public_example_com_mount_enable="YES"
export jail_front0_public_example_com_devfs_enable="YES"
export jail_front0_public_example_com_devfs_ruleset="devfsrules_jail"
export jail_front0_public_example_com_procfs_enable="YES"
export jail_front0_public_example_com_fdescfs_enable="YES"
export jail_front0_public_example_com_image=""
export jail_front0_public_example_com_imagetype=""
export jail_front0_public_example_com_attachparams=""
export jail_front0_public_example_com_attachblocking=""
export jail_front0_public_example_com_forceblocking=""
export jail_front0_public_example_com_zfs_datasets=""
export jail_front0_public_example_com_cpuset=""
export jail_front0_public_example_com_fib=""

> 3. What do you want to achieve.

I want a setup with:

— srv0 listens only for SSH on an alternate port for supervision on public IPv4/6;
— front0 to handle any public services (web, DNS, e-mail) on public IPv4/6;
— service0 to handle internal services (git, redmine, AFP sharepoints…) on private IP and SSH on another alternate port on public IPv4/6;
— gateway0 to act as a VPN server and webproxy to secure access to private services on service0 and act as a secure gateway to encrypt network traffic for road-warriors on public network.

In the end, I will dispatch those services on different servers, but for now I only have access to one system, so I would like to prepare the setup to be dispatched on different hardware when the budget comes.

Actually, if I remove the SharedIPv4 from the jails, it works. I’ve investigated more on the open socket area and I think the problem comes from Apache, which still listens on *:* even if I’ve set a Listen directive…
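
The check the message above leads to, as an added example that is not part of the original thread: given text in the column layout of `sockstat -4 -l`, list listeners bound to `*` and ports on the shared address claimed by more than one command. The address 192.0.2.10 (standing in for "SharedIPv4"), the sample lines and the function names are constructed, and a `*` bind is assumed to cover the shared address.

```python
from collections import defaultdict

SHARED_IPV4 = "192.0.2.10"  # assumption: stands in for the thread's "SharedIPv4"

# Constructed sample in the column layout of `sockstat -4 -l` (not from the thread).
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       811   4  tcp4   192.0.2.10:2222       *:*
www      httpd      1502  3  tcp4   *:80                  *:*
www      httpd      1503  3  tcp4   *:80                  *:*
bind     named      1620  20 udp4   192.0.2.10:53         *:*
root     sshd       1711  4  tcp4   10.42.0.3:22          *:*
www      nginx      1800  6  tcp4   192.0.2.10:80         *:*
"""


def parse_listeners(text):
    """Yield (command, proto, address, port) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "USER":
            continue  # header, blank or truncated line
        address, _, port = fields[5].rpartition(":")
        yield fields[1], fields[4], address, port


def wildcard_binds(text):
    """Listeners bound to '*', i.e. not pinned to one address."""
    return sorted({(c, p, port) for c, p, a, port in parse_listeners(text) if a == "*"})


def conflicts(text, shared_ip=SHARED_IPV4):
    """(proto, port) pairs on the shared address claimed by more than one command.

    Assumption: a '*' bind is treated as covering shared_ip.
    """
    owners = defaultdict(set)
    for command, proto, address, port in parse_listeners(text):
        if address in ("*", shared_ip):
            owners[(proto, port)].add(command)
    return {key: sorted(cmds) for key, cmds in owners.items() if len(cmds) > 1}


if __name__ == "__main__":
    print("wildcard:", wildcard_binds(SAMPLE))
    print("conflicts:", conflicts(SAMPLE))
```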
