From: "Mats A. Hansen"
To: freebsd-jail@freebsd.org
Subject: Re: Cant reach Jailed services from internet.
Date: Mon, 27 May 2013 13:18:00 +0200

On 2013-05-27 09:45, Mogamat Abrahams wrote:
> Hi,
>
> Got a 9.1 machine with two jails on it. webjail (IP=.79),
> mailjail(IP=.78).
> I can reach the jailed services from the host, reach the jails from each
> other, reach the internet from the jails and host, reach the host from the
> internet BUT I cannot reach the jails from the internet.
>
> I've used EZJAIL to set these up and assigned a public IP address to the
> jails. These IP's are also aliased to the em0 interface of the host (perhaps
> this is a problem?). I am assuming that the jails inherit the routing of the
> host.
>
> I've seen some posts stating that ports should be forwarded to the jails,
> but that would defeat the possibility of running duplicate services in
> separate jails on their own ips. Like have 3 WWW servers on one host, each
> in its own jail.
>
> Some clues from the bigger brains would be appreciated :-)
>
> M
>
> ====================
> HOST ifconfig:
>
> em0: flags=8843 metric 0 mtu 1500
>         options=4219b IC,VLAN_HWTSO>
>         ether 00:30:48:b0:57:9b
>         inet 67.205.xx.xx netmask 0xffffffe0 broadcast 67.205.74.63
>         inet 174.xx.xx.76 netmask 0xfffffffc broadcast 174.x.x.79
>         inet 174.xx.xx.79 netmask 0xfffffffc broadcast 174.x.x.79
>         inet 174.xx.xx.77 netmask 0xfffffffc broadcast 174.x.x.79
>         inet 174.xx.xx.78 netmask 0xfffffffc broadcast 174.x.x.79
>         nd6 options=29
>         media: Ethernet autoselect (100baseTX )
>         status: active
> ------------
> Jail ifconfig:
>
> em0: flags=8843 metric 0 mtu 1500
>         options=4219b IC,VLAN_HWTSO>
>         ether 00:30:48:b0:57:9b
>         inet 174.x.x.79 netmask 0xffffffff broadcast 174.x.x.79
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 metric 0 mtu 16384
>         options=600003

Hi

Any reason you are running your webjail on the broadcast IP for the subnet?
IP range for your 0xfffffffc net would be (.77|.78).
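
The check the reply describes, as an added example that is not part of the original messages: it reads `inet ... netmask 0x...` lines in the form ifconfig prints and flags any alias that is the network or broadcast address of its subnet. The addresses are constructed from documentation ranges (the thread's are redacted) and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed
# (documentation ranges); masks use the hex form ifconfig prints.

ip_to_int() {    # dotted quad -> 32-bit integer
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

int_to_ip() {    # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

classify() {     # ADDR HEXMASK -> network | broadcast | host
    a=$(ip_to_int "$1"); m=$(( $2 ))
    # /31 and /32 masks reserve no network or broadcast address.
    if [ "$m" -ge $(( 0xfffffffe )) ]; then echo host; return; fi
    n=$(( a & m )); b=$(( n | (~m & 0xffffffff) ))
    if [ "$a" -eq "$n" ]; then echo network
    elif [ "$a" -eq "$b" ]; then echo broadcast
    else echo host; fi
}

usable_range() { # ADDR HEXMASK -> first-last assignable address (mask < /31)
    n=$(( $(ip_to_int "$1") & $2 )); b=$(( n | (~$2 & 0xffffffff) ))
    echo "$(int_to_ip $(( n + 1 )))-$(int_to_ip $(( b - 1 )))"
}

audit_ifconfig() {   # reads ifconfig output on stdin, one verdict per inet line
    while read -r kw ip nm mask rest; do
        [ "$kw" = inet ] && [ "$nm" = netmask ] || continue
        kind=$(classify "$ip" "$mask")
        if [ "$kind" = host ]; then echo "$ip ok"
        else echo "$ip is the $kind address; usable: $(usable_range "$ip" "$mask")"
        fi
    done
}

sample_ifconfig() {  # constructed input shaped like the host output in the post
    cat <<'EOF'
em0: flags=8843 metric 0 mtu 1500
	inet 198.51.100.40 netmask 0xffffffe0 broadcast 198.51.100.63
	inet 192.0.2.76 netmask 0xfffffffc broadcast 192.0.2.79
	inet 192.0.2.79 netmask 0xfffffffc broadcast 192.0.2.79
	inet 192.0.2.77 netmask 0xfffffffc broadcast 192.0.2.79
	inet 192.0.2.78 netmask 0xfffffffc broadcast 192.0.2.79
EOF
}

sample_ifconfig | audit_ifconfig
```

A /32 alias, like the one the jail's own ifconfig shows, carries no subnet information, so run the check against the mask configured on the host.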