Mogamat Abrahams wrote:
Do you have a gateway_enable="YES" statement in the host's rc.conf?
Added it and no difference.
Is the jail's /etc/resolv.conf populated with the correct info?

Yes, name resolution works ok - I can reach out from the jail to other services on the internet.

You said "Netstat on the host and jail also show services
listening on those addresses on the correct ports."

If what you mean is the host has processes listening on the SAME
ip address / ports as the jails are listening on, then your jails
will never get any unsolicited traffic because the host always gets
access to that traffic first and processes it without the jail ever knowing about it.
I only have sshd configured on the host, and that's on the 67. ip address. So I assume those listening ports are coming from the jail, as it's on the same IP and ports 80 and 81.
Any other suggestions?

M



Let's find out about those jail ip addresses. You stated those ip addresses prefixed with 174 were provided by your colo provider.

Questions to ask them. Are those 174.x.x.x ip addresses provisioned or, said a different way, are they true static ip addresses? Read up on the difference.

Your 67.205.xx.xx ip address looks like a dynamic ip address that you use dhcp to automatically obtain all the network configuration information needed by your host. Static ip addresses don't work that way. You have to manually configure the static network. If I remember correctly, for a block of 3 assignable ip addresses you need a block of 5 from your provider. The first and last ip address are used to config the network.

Best you talk to your provider to find out how those ip addresses are configured at their end and how you should config them at your end.


You never said if you have a firewall on your host. The firewall rules may be dropping unsolicited inbound traffic for those 174 prefixed ip addresses. Try putting a pass all log from that NIC rule or just a log all rule or turn off the firewall altogether and see what happens. Verify your NAT is not trying to NAT unsolicited inbound traffic for those 174 prefixed ip addresses.


_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
