From: Mogamat Abrahams
To: freebsd-jail@freebsd.org
Subject: Cant reach Jailed services from internet.
Date: Mon, 27 May 2013 07:45:06 +0000 (UTC)

Hi,

Got a 9.1 machine with two jails on it. webjail (IP=.79), mailjail (IP=.78).
I can reach the jailed services from the host, reach the jails from each other, reach the internet from the jails and host, reach the host from the internet BUT I cannot reach the jails from the internet.

I've used EZJAIL to set these up and assigned a public IP address to the jails. These IPs are also aliased to the em0 interface of the host (perhaps this is a problem?). I am assuming that the jails inherit the routing of the host.

I've seen some posts stating that ports should be forwarded to the jails, but that would defeat the possibility of running duplicate services in separate jails on their own IPs. Like have 3 WWW servers on one host, each in its own jail.

Some clues from the bigger brains would be appreciated :-)

M

====================
HOST ifconfig:

em0: flags=8843 metric 0 mtu 1500
        options=4219b
        ether 00:30:48:b0:57:9b
        inet 67.205.xx.xx netmask 0xffffffe0 broadcast 67.205.74.63
        inet 174.xx.xx.76 netmask 0xfffffffc broadcast 174.x.x.79
        inet 174.xx.xx.79 netmask 0xfffffffc broadcast 174.x.x.79
        inet 174.xx.xx.77 netmask 0xfffffffc broadcast 174.x.x.79
        inet 174.xx.xx.78 netmask 0xfffffffc broadcast 174.x.x.79
        nd6 options=29
        media: Ethernet autoselect (100baseTX )
        status: active

------------
Jail ifconfig:

em0: flags=8843 metric 0 mtu 1500
        options=4219b
        ether 00:30:48:b0:57:9b
        inet 174.x.x.79 netmask 0xffffffff broadcast 174.x.x.79
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=600003