joerg_surmann wrote on 2018/03/23 20:12:
Hi,
thanks for yor help.
I can't find a solution.
But i have find a starnge ip config.
in rc.conf on Host(not jail)
ifconfig_vmx0_alias1="inet 192.168.100.2 netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
ifconfig on host say:
inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
inet 192.168.100.2 netmask 0xffffffff broadcast 192.168.100.2
ifconfig say to both ip's /32.
Maby that's the reason for unavailable the apache.
ifconfig iside the jail say the same.
I'm a little bit confused.
I think it can be a problem with your configuration of ezjail. I am not
sure but if I remember it well if you set IP for jail in ezjail
configuration it will be added to network interface on startup nad
removed on stop of the jail.
So when you start the host you will have 192.168.100.2/24 but after jail
start you will end up with 192.168.100.2/32.
Can you confirm this? (reboot the machine with ezjail disabled in rc.conf)
You need to configure ezjail to not manage IPs on interfaces.
Please post content of ezjail.conf and full conf of your jail.
Am 23.03.2018 um 17:41 schrieb Miroslav Lachman:
Joerg Surmann wrote on 2018/03/23 17:14:
tail -f /var/log/httpd-access.log
192.168.100.2 - - [23/Mar/2018:13:12:10 +0000] "OPTIONS * HTTP/1.0"
200 -
192.168.100.2 - - [23/Mar/2018:15:12:02 +0000] "OPTIONS * HTTP/1.0"
200 -
213.70.80.92 - - [23/Mar/2018:15:33:07 +0000] "OPTIONS * HTTP/1.0" 200 -
213.70.80.92 - - [23/Mar/2018:15:33:08 +0000] "OPTIONS * HTTP/1.0" 200 -
213.70.80.92 - - [23/Mar/2018:15:33:09 +0000] "OPTIONS * HTTP/1.0" 200 -
213.70.80.92 - - [23/Mar/2018:15:35:37 +0000] "GET / HTTP/1.1" 302 209
213.70.80.92 - - [23/Mar/2018:15:35:44 +0000] "OPTIONS * HTTP/1.0" 200 -
213.70.80.92 - - [23/Mar/2018:15:35:45 +0000] "OPTIONS * HTTP/1.0" 200 -
213.70.80.92 - - [23/Mar/2018:15:35:46 +0000] "OPTIONS * HTTP/1.0" 200 -
213.70.80.92 - - [23/Mar/2018:15:58:05 +0000] "GET / HTTP/1.1" 302 209
How did you do the request from 213.70.80.92? It was made from
localhost where Apache runs?
jls -v
JID Hostname Path
Name State
CPUSetID
IP Address(es)
2 apache24 /usr/jails/apache24
apache24 ACTIVE
3
192.168.100.2
213.70.80.92
Looks good
jls -s
devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable
jid=2 name=apache24 osreldate=1101001 osrelease=11.1-RELEASE
path=/usr/jails/apache24 nopersist securelevel=-1 sysvmsg=disable
sysvsem=disable sysvshm=disable allow.nochflags allow.mount
allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs
allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs
allow.mount.notmpfs allow.mount.nozfs allow.noquotas
allow.raw_sockets allow.noset_hostname allow.nosocket_af
allow.nosysvipc children.max=0 host.domainname="" host.hostid=0
host.hostname=apache24
host.hostuuid=00000000-0000-0000-0000-000000000000
This is strange. You have ip4=disable ip6=disable. My jails have
"ip4=new ip6=disable"
And you don't have ip4.addr at all. I have ip4.addr=172.16.16.2 for
example
Miroslav Lachman
Am 23.03.2018 um 16:58 schrieb Miroslav Lachman:
Joerg Surmann wrote on 2018/03/23 16:45:
Thanks for replay.
netstat -an | egrep 'tcp4.*80 .*LISTEN'
say:
netstat: kvm not available: /dev/mem No such file or directory <- is
inside a jail.
tcp4 0 0 *.80 *.* LISTEN
grep -i Listen /usr/local/etc/apache24/httpd.conf
Listen 80
Listen 443
From the internal IP is no Problem.
You are right. I'm not sure on wich IP's Apache is listening.
I have change the Listen directive to the external IP in httpd.conf
Listen 213.70.80.92:80
netstat -an | egrep 'tcp4.*80 .*LISTEN'
now say:
tcp4 0 0 213.70.80.92:80 *.* LISTEN
But apache is not availble from Internet.
From Intranet... no Problem.
When i use tcpdump on Host i can see Traffic.
Whats wrong?
That's strange.
Listen 80 and Listen 443 is OK, it is the same as
Listen *:80
Listen *:443
and as you see with netstat, Apache was listening on both IPs:
*.80 *.* LISTEN
Do you have something listening on port 80 in the Host?
What netstat shows in the host?
Also check Apache log files. If you didn't configure virtual host,
then you have just these two log files:
/var/log/httpd-access.log
/var/log/httpd-error.log
Use tail and then try to access your website from the internet
# tail -f /var/log/httpd-*.log
Please send what "jls -v" in the Host will show you. (there should
be 2 IPs for your jail) or "jls -s" (replace any sensitive
informations if you want)
And move this discussion to proper mailing list:
[email protected]
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
