Re: Two NIC's inside a Jail

2018-03-24 Thread Marek Zarychta
On Fri, Mar 23, 2018 at 08:17:27PM +0100, joerg_surmann wrote:
> Hi,
> 
> thanks for your help.
> 
> I can't find a solution.
> 
> But I have found a strange IP config.
> 
> in rc.conf on Host (not jail)
> 
> ifconfig_vmx0_alias1="inet 192.168.100.2  netmask 255.255.255.0"
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
> 
> ifconfig on host says:
> inet 213.70.80.92 netmask 0x broadcast 213.70.80.92
> inet 192.168.100.2  netmask 0x broadcast 192.168.100.2
> 
> ifconfig shows both IPs as /32.
> 
> Maybe that's the reason Apache is unavailable.
> 
> ifconfig inside the jail says the same.
> 
> I'm a little bit confused.
> 

Please show also the output of:
netstat -rn

During startup, ezjail adds one more IP address with a /32 mask for
each interface deployed to the jail. Consider addressing the interfaces
on the host this way:

in /etc/rc.conf
ifconfig_vmx0_alias1="inet 192.168.100.3  netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.93 netmask 255.255.255.0"

then in /usr/local/etc/ezjail/myjail.conf 
export jail_myjail_ip="vmx0|192.168.100.2,em0|213.70.80.92"

If you don't want to waste one more public IP for the host, try to set up
jails from jail.conf(5) instead of ezjail management. You can also give
a try to a more sophisticated setup with vnet(9) jails, where multiple fibs
for the host will not be required.

Best regards,
-- 
Marek Zarychta
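
A check for the addressing overlap discussed in the reply above, as an added example that is not part of the original message: it reports every jail address from an ezjail config that the host's rc.conf also assigns. The sample configs are assembled from lines quoted in this thread; the function and variable names are hypothetical.

```python
import re

# Constructed inputs assembled from lines quoted in this thread.
RC_CONF_BEFORE = '''\
ifconfig_vmx0_alias1="inet 192.168.100.2  netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
'''
RC_CONF_AFTER = '''\
ifconfig_vmx0_alias1="inet 192.168.100.3  netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.93 netmask 255.255.255.0"
'''
EZJAIL_CONF = '''\
export jail_myjail_ip="vmx0|192.168.100.2,em0|213.70.80.92"
'''

# ifconfig_<if>[_aliasN]="inet ADDR ..." and export jail_<name>_ip="..."
RC_INET = re.compile(r'^ifconfig_(\w+?)(?:_alias\d+)?="inet\s+([^\s"]+)', re.M)
EZJAIL_IP = re.compile(r'^export\s+jail_(\w+)_ip="([^"]*)"', re.M)


def host_addrs(rc_conf):
    """Map each inet address set in rc.conf to its interface."""
    return {addr.split("/")[0]: iface for iface, addr in RC_INET.findall(rc_conf)}


def jail_addrs(ezjail_conf):
    """Return (jail, interface or None, address) for every jail IP entry."""
    out = []
    for jail, value in EZJAIL_IP.findall(ezjail_conf):
        for entry in filter(None, (e.strip() for e in value.split(","))):
            iface, _, addr = entry.rpartition("|")  # "if|addr" or bare "addr"
            out.append((jail, iface or None, addr.split("/")[0]))
    return out


def overlaps(rc_conf, ezjail_conf):
    """Jail addresses that rc.conf also configures on the host."""
    host = host_addrs(rc_conf)
    return [(jail, addr, host[addr])
            for jail, _, addr in jail_addrs(ezjail_conf) if addr in host]


if __name__ == "__main__":
    print("before:", overlaps(RC_CONF_BEFORE, EZJAIL_CONF))
    print("after: ", overlaps(RC_CONF_AFTER, EZJAIL_CONF))
```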




Re: Two NIC's inside a Jail

2018-03-23 Thread Chris Kiakas
Hi,

Sorry that I am coming to the conversation a little late. I have several 
systems which run with multiple IP connections where the jail responds to 
multiple IPs.

I set /etc/rc.conf to just control the IPs of the host. As an example:

ifconfig_igb1="inet AAA.AAA.AAA.1 netmask 255.255.255.0"
defaultrouter="AAA.AAA.AAA.1"
ifconfig_igb2="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_igb4="UP"
ifconfig_igb5="UP"
ifconfig_igb6="UP"
ifconfig_igb7="UP"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto lacp laggport igb4 laggport igb5 laggport igb6 laggport igb7 192.168.12.14/24"


The jail is then set with its jail.conf file as such:
jailname {
    host.hostname   = "jailname";
    ip4.addr        = "igb1|AAA.AAA.AAA.2/24";
    ip4.addr       += "igb2|192.168.10.21/24";
    ip4.addr       += "lagg0|192.168.12.32/24";
    path            = "/usr/jail/jailname";
    exec.start      = "/bin/sh /etc/rc";
    exec.stop       = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail.jailname.console.log";
    mount.devfs;
}


My interfaces are igb#; yours are em0.
Apache is set to listen to:

Listen :80

If the Apache setup is not complex it should just work on all IPs. If you are 
running vhosts you will need to specify ServerName and/or ServerAliases in 
Apache.

If the jail requires a different gateway than the defaultrouter then you will 
need to set up fibs.


Chris




Re: Two NIC's inside a Jail

2018-03-23 Thread joerg_surmann
Hi,

thanks for your help.

I can't find a solution.

But I have found a strange IP config.

in rc.conf on Host (not jail)

ifconfig_vmx0_alias1="inet 192.168.100.2  netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"

ifconfig on host says:
inet 213.70.80.92 netmask 0x broadcast 213.70.80.92
inet 192.168.100.2  netmask 0x broadcast 192.168.100.2

ifconfig shows both IPs as /32.

Maybe that's the reason Apache is unavailable.

ifconfig inside the jail says the same.

I'm a little bit confused.





Re: Two NIC's inside a Jail

2018-03-23 Thread Marek Zarychta
On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann wrote:
> Hi all,
> 
> I have a problem understanding how to manage 2 networks inside a jail.
> 
> I have created a jail (using ezjail) with an alias IP.
> in rc.conf (on Host):
> 
> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0"  <- this is the jail IP
> 
> Inside the jail, apache24 is running.
> 
> Now I add a new NIC to the system.
> in rc.conf (on Host):
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
> 
> in /usr/local/etc/ezjail/myjail.conf:
> I add the new IP
> export jail_myjail_ip="192.168.100.2,213.70.80.92"
> 
> Restart the jail and ifconfig looks fine.
> vmx0 -> inet 192.168.100.2
> em0  -> inet 213.70.80.92
> 
> Apache listens on all NICs ()
> But I can see my website only via 192.168.100.2 from the internal network.
> 
> The host is behind a firewall.
> The IP 213.70.80.92 is enabled for incoming traffic.
> 
> When I enter the hostname in a browser I get "connection Timeout".
> 
> What needs to be done so that the host is accessible from the Internet?
> 

Hi Joerg, 

I guess your host has default gw reachable via vmx0 and second interface
em0 is connected and was reachable at least from firewall protecting
address 213.70.80.92? If it is true then you should add: 

to /usr/local/etc/ezjail/myjail.conf 
export jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
export jail_myjail_fib="1"

to /etc/rc.conf
static_routes="net_jails"
route_net_jails="default 213.70.80.x -fib 1"

to /boot/loader.conf
net.fibs="2"

Eventually take a look at setfib(1) and also consider migrating the em
adapter to a second vmx, which should be faster and more flexible.

IMHO these questions should be asked on the freebsd-net list rather than
here.
-- 
Marek Zarychta
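
Why the second FIB in the reply above matters, as an added example that is not part of the original message: a small model of per-FIB route lookup showing which interface the jail's reply leaves on. The vmx0 gateway 192.168.100.254 and the client addresses are constructed, interface routes are assumed present in both FIBs, and `213.70.80.x` is the gateway exactly as elided in the thread.

```python
import ipaddress

# Constructed model of the thread's setup. The vmx0 gateway and the client
# addresses are assumptions; "213.70.80.x" is kept as written in the thread.
CONNECTED = [("192.168.100.0/24", "vmx0", None), ("213.70.80.0/24", "em0", None)]
FIBS = {
    0: CONNECTED + [("0.0.0.0/0", "vmx0", "192.168.100.254")],  # host default
    1: CONNECTED + [("0.0.0.0/0", "em0", "213.70.80.x")],       # jail's FIB
}
JAIL_ADDRS = {"192.168.100.2": "vmx0", "213.70.80.92": "em0"}


def lookup(fib, dst):
    """Longest-prefix match of dst in one FIB; returns (iface, gateway)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface, gw in FIBS[fib]:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        raise LookupError(f"no route to {dst} in fib {fib}")
    return best[1], best[2]


def reply_path(fib, local_addr, client):
    """Where does the jail's reply from local_addr to client leave the host?"""
    iface, gw = lookup(fib, client)
    # Symmetric means the reply leaves on the interface that owns local_addr,
    # i.e. the one the request arrived on.
    return {"fib": fib, "egress": iface, "gateway": gw,
            "symmetric": iface == JAIL_ADDRS[local_addr]}


if __name__ == "__main__":
    for fib in (0, 1):
        for addr, client in (("213.70.80.92", "198.51.100.7"),
                             ("192.168.100.2", "192.168.100.50")):
            print(addr, "->", client, reply_path(fib, addr, client))
```

In FIB 0 the reply to an Internet client is sourced from 213.70.80.92 but leaves through vmx0, which matches the timeout described in the original question; in FIB 1 it leaves through em0.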




Two NIC's inside a Jail

2018-03-23 Thread Joerg Surmann
Hi all,

I have a problem understanding how to manage 2 networks inside a jail.

I have created a jail (using ezjail) with an alias IP.
in rc.conf (on Host):

ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0"  <- this is the jail IP

Inside the jail, apache24 is running.

Now I add a new NIC to the system.
in rc.conf (on Host):
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"

in /usr/local/etc/ezjail/myjail.conf:
I add the new IP
export jail_myjail_ip="192.168.100.2,213.70.80.92"

Restart the jail and ifconfig looks fine.
vmx0 -> inet 192.168.100.2
em0  -> inet 213.70.80.92

Apache listens on all NICs ()
But I can see my website only via 192.168.100.2 from the internal network.

The host is behind a firewall.
The IP 213.70.80.92 is enabled for incoming traffic.

When I enter the hostname in a browser I get "connection Timeout".

What needs to be done so that the host is accessible from the Internet?


Thanks
Holm



