On 2013-05-27 09:45, Mogamat Abrahams wrote:
Hi,
Got a 9.1 machine with two jails on it. webjail (IP=.79),
mailjail(IP=.78).
I can reach the jailed services from the host, reach the jails from
each
other, reach the internet from the jails and host, reach the host from
the
internet BUT I cannot reach the jails from the internet.
I've used EZJAIL to set these up and assigned a public IP address to
the
jails. These IP's are also aliased to the em0 interface of the
host(perhaps
this is a problem?). I am assuming that the jails inherit the routing
of the
host.
I've seen some posts stating that ports should be forwarded to the
jails,
but that would defeat the possibility of running duplicate services in
separate jails on their own ips. Like have 3 WWW servers on one host,
each
in its own jail.
Some clues from the bigger brains would be appreciated :-)
M
====================
HOST ifconfig:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAG
IC,VLAN_HWTSO>
ether 00:30:48:b0:57:9b
inet 67.205.xx.xx netmask 0xffffffe0 broadcast 67.205.74.63
inet 174.xx.xx.76 netmask 0xfffffffc broadcast 174.x.x.79
inet 174.xx.xx.79 netmask 0xfffffffc broadcast 174.x.x.79
inet 174.xx.xx.77 netmask 0xfffffffc broadcast 174.x.x.79
inet 174.xx.xx.78 netmask 0xfffffffc broadcast 174.x.x.79
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
------------
Jail ifconfig:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAG
IC,VLAN_HWTSO>
ether 00:30:48:b0:57:9b
inet 174.x.x.79 netmask 0xffffffff broadcast 174.x.x.79
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
Hi
Any reason you are running your webjail on the broadcast IP for the
subnet? IP range for your 0xfffffffc net would be (.77|.78).
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
