Problem with Apache in Jail

2009-11-18 Thread Scheithauer, Lars (FH)
Hi everyone,

 

I've started to install an apache22 in a freebsd-jail and have a
problem. The jail has a public ip address, so from what I know, I
wouldn't have to forward any packages to it. I can reach the apache22
server by ip-address, but not by its DNS - the connection gets
disrupted. I can successfully nslookup the DNS and if I watch the
traffic of the browser via wireshark, I see that it sends packages to
the server, but the server doesn't send any packages back. I also do not
find any traces of the connection attempt in the apache-logs.

 

The config-files of the apache are correct and read (tested by entering
some false configs and the server refused to start afterwards - and as
said I'm able to access it by its ip).

 

Now, is there any way that this could be caused by the jail?

 

Best Regards,

Lars

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org


Re: Broadcast under Jail problems

2009-11-18 Thread jelmer
(create a virtual network interface, and use packet filter)

  # ifconfig lo1 create
  # ifconfig lo1 inet 10.0.1.1 netmask 255.255.255.0
  # touch /etc/start_if.lo1
  # echo "ifconfig lo1 create" >> /etc/start_if.lo1
  # cp /usr/share/examples/pf/pf.conf /etc/

(existence of pf.conf is just necessary, later I setup a complete one)

(allow networking for jails - required for the installation of ports)

  # echo 'nat on bge0 from lo1:network to any -> (bge0)' >> /etc/pf.conf
  # pfctl -d
  # pfctl -e -f /etc/pf.conf
  # echo '

and use this in rc.conf

  interfaces="lo0 bge0"
  cloned_interfaces="lo1"
  ifconfig_re0="inet PUBL_IP netmask 255.255.255.128 -rxcsum -txcsum"
  ifconfig_re0_alias0="inet PUBL_IP_2 netmask 255.255.255.128"
  ifconfig_lo1="inet 10.0.1.1 netmask 255.255.255.0"
  ifconfig_lo1_alias0="inet 10.0.1.2/24"
  ifconfig_lo1_alias1="inet 10.0.1.3/32"


On Tue, Nov 17, 2009 at 1:00 PM, freebsd-jail-requ...@freebsd.org wrote:


 Today's Topics:

   1. Re: Broadcast under Jail problems (Vagif Zeynalov)
   2. Networking from jail (Scheithauer, Lars (FH))
   3. Networking from jail - errata (Scheithauer, Lars (FH))
   4. Re: Networking from jail - errata (Bjoern A. Zeeb)
   5. AW: Networking from jail - errata (Scheithauer, Lars (FH))
   6. Re: AW: Networking from jail - errata (Bjoern A. Zeeb)
   7. AW: AW: Networking from jail - errata (Scheithauer, Lars (FH))


 --

 Message: 1
 Date: Mon, 16 Nov 2009 16:14:59 +0300
 From: Vagif Zeynalov va...@zeynalov.com
 Subject: Re: Broadcast under Jail problems
 To: Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net
 Cc: freebsd-jail@freebsd.org
 Message-ID: a9332ade8f494076a02daff06daad...@vagifpc
 Content-Type: text/plain; format=flowed; charset=iso-8859-1;
reply-type=response


  ...I can provide more details if it will be necessary...
 
  error logs from the application would be interesting to see which
  (sys)call returns which error so that we can narrow it down.
 

 You know, to make the answer I just rebuilt mediatomb on the clear jail
 machine and... the problem has disappeared!
 It's very strange, because I already did it a few times before.

 Whatever, sorry guys for the disturbance. ;-))
 I have to investigate what I changed last night in the system.

 Regards,
 Vagif



 --

 Message: 2
 Date: Tue, 17 Nov 2009 10:18:59 +0100
 From: Scheithauer, Lars (FH) lars.scheitha...@fh-heidelberg.de
 Subject: Networking from jail
 To: freebsd-jail@freebsd.org
 Message-ID:

 26040005b7f3aa41a0345bce386ca09701c62...@fhclusrv-ex.dcs.fh-heidelberg.de

 Content-Type: text/plain;   charset=us-ascii

 Hi everyone!

 I'm having a little trouble with my jail's networking and I'm not sure
 what to make of it.

 My jailhost has an IP of x.y.z.48, my test jail is x.y.z.49. The
 jailhost has both IP addresses, the jail has just its own:

 Jail# ifconfig
 bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
         ether xx:xx:xx:xx:xx:10
         inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
         media: Ethernet autoselect (1000baseSX full-duplex)
         status: active
 [...]
 Host# ifconfig
 bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4>
         ether xx:xx:xx:xx:xx:10
         inet x.y.z.61 netmask 0xffc0 broadcast x.y.z.63
         inet x.y.z.60 netmask 0xffc0 broadcast x.y.z.63
         media: Ethernet autoselect (1000baseSX full-duplex)
         status: active
 [...]

 I am able to access the ssh-server running on the jail, and I am able to
 access the proxyserver of our network via telnet and get some pages of
 the internet. However, if I want to install something from the ports,
 the jail is unable to fetch it:

 Jail# cd /usr/ports/ftp/wget
 Jail# make
 ===>  Vulnerability check disabled, database not found
 ===>  Found saved configuration for wget-1.11.4_1
 => wget-1.11.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
 => Attempting to fetch from http://ftp.gnu.org/gnu/wget/.
 fetch: http://ftp.gnu.org/gnu/wget/wget-1.11.4.tar.bz2: Operation timed out
 => Attempting to fetch from ftp://ftp.gnu.org/gnu/wget/.
 [...]

 I've set the appropriate environment variables HTTP_PROXY, HTTPS_PROXY
 and FTP_PROXY. If I test the connection 

Re: Problem with Apache in Jail

2009-11-18 Thread Miroslav Lachman

Scheithauer, Lars (FH) wrote:

> Hi everyone,
>
> I've started to install an apache22 in a freebsd-jail and have a
> problem. The jail has a public ip address, so from what I know, I
> wouldn't have to forward any packages to it. I can reach the apache22
> server by ip-address, but not by its DNS - the connection gets
> disrupted. I can successfully nslookup the DNS and if I watch the
> traffic of the browser via wireshark, I see that it sends packages to
> the server, but the server doesn't send any packages back. I also do not
> find any traces of the connection attempt in the apache-logs.
>
> The config-files of the apache are correct and read (tested by entering
> some false configs and the server refused to start afterwards - and as
> said I'm able to access it by its ip).
>
> Now, is there any way that this could be caused by the jail?


You did not post what version and architecture you are using...
But I am running several jails with Apache or Lighttpd without any issues 
(on 6.3 i386 and 7.2 i386 + amd64).

So I expect some misconfiguration on your side.

Are you sure you have correct DNS entries pointing to the right IP and that 
you have a working resolv.conf inside the jail? What about /etc/hosts?


Miroslav Lachman
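
Added example, not part of the original post: an offline check for the items asked about above (a nameserver in resolv.conf, and /etc/hosts entries that agree with the jail's IP). The function names, the file arguments and any sample name or address passed to them are assumptions made for illustration.

```shell
#!/bin/sh
# Run these against the jail's own files, e.g. <jailroot>/etc/hosts.

# Print every address that a hosts(5)-format file maps NAME to.
hosts_addrs() {    # usage: hosts_addrs NAME HOSTS_FILE
    awk -v name="$1" '
        { sub(/#.*/, "") }                 # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)      # field 1 is the address, rest are names
                if (tolower($i) == tolower(name)) { print $1; break }
        }' "$2"
}

# Succeed if a resolv.conf(5)-format file has an active nameserver line.
has_nameserver() {    # usage: has_nameserver RESOLV_FILE
    awk '{ sub(/[#;].*/, "") }
         $1 == "nameserver" && NF >= 2 { found = 1 }
         END { exit !found }' "$1"
}

# Report anything that would send the vhost name to an address other
# than the jail's. Returns 0 when nothing is wrong, 1 otherwise.
check_vhost() {    # usage: check_vhost NAME JAIL_IP HOSTS_FILE RESOLV_FILE
    name=$1 jail_ip=$2 hosts=$3 resolv=$4 status=0
    if ! has_nameserver "$resolv"; then
        echo "FAIL: no nameserver line in $resolv"
        status=1
    fi
    addrs=$(hosts_addrs "$name" "$hosts")
    if [ -z "$addrs" ]; then
        echo "INFO: $name not listed in $hosts, DNS decides"
    fi
    for a in $addrs; do
        if [ "$a" != "$jail_ip" ]; then
            echo "FAIL: $hosts maps $name to $a, jail has $jail_ip"
            status=1
        fi
    done
    return $status
}
```

A stale /etc/hosts line takes precedence over DNS with the default lookup order, so nslookup can look fine while programs in the jail use a different address.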


AW: Problem with Apache in Jail

2009-11-18 Thread Scheithauer, Lars (FH)
Hi Miroslav,

the system is a FreeBSD 8.0-rc3 with apache22.

nslookup is working fine - I did not enter the vhost's name into the /etc/hosts 
before, but even adding it doesn't change the problem.

Any other ideas I might check out?

Best Regards,
Lars



-----Original Message-----
From: Miroslav Lachman [mailto:000.f...@quip.cz] 
Sent: Wednesday, November 18, 2009 15:44
To: Scheithauer, Lars (FH)
Cc: freebsd-jail@freebsd.org
Subject: Re: Problem with Apache in Jail

Scheithauer, Lars (FH) wrote:
> Hi everyone,
>
> I've started to install an apache22 in a freebsd-jail and have a
> problem. The jail has a public ip address, so from what I know, I
> wouldn't have to forward any packages to it. I can reach the apache22
> server by ip-address, but not by its DNS - the connection gets
> disrupted. I can successfully nslookup the DNS and if I watch the
> traffic of the browser via wireshark, I see that it sends packages to
> the server, but the server doesn't send any packages back. I also do not
> find any traces of the connection attempt in the apache-logs.
>
> The config-files of the apache are correct and read (tested by entering
> some false configs and the server refused to start afterwards - and as
> said I'm able to access it by its ip).
>
> Now, is there any way that this could be caused by the jail?

You did not post what version and architecture you are using...
But I am running several jails with Apache or Lighttpd without any issues 
(on 6.3 i386 and 7.2 i386 + amd64).
So I expect some misconfiguration on your side.

Are you sure you have correct DNS entries pointing to the right IP and that 
you have a working resolv.conf inside the jail? What about /etc/hosts?

Miroslav Lachman