Date:      Fri, 23 Mar 2018 16:14:27 -0400
From:      Chris Kiakas <chris@tellme3times.com>
To:        joerg_surmann <joerg_surmann@elektropost.org>
Cc:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>, freebsd-stable@freebsd.org, freebsd-current@freebsd.org
Subject:   Re: Two NIC's inside a Jail
Message-ID:  <A73D34E8-D11C-4331-B6F8-67228830DAD7@tellme3times.com>
In-Reply-To: <d2b11066-0313-81b9-933c-67721054488c@elektropost.org>
References:  <785ce70f-3f2d-3422-0e95-146b05f7f768@elektropost.org> <20180323172504.GA55971@plan-b.pwste.edu.pl> <d2b11066-0313-81b9-933c-67721054488c@elektropost.org>

Hi,

Sorry that I am coming to the conversation a little late. I have several
systems which run with multiple IP connections where the jail responds
to multiple IPs.

I set /etc/rc.conf to just control the IPs of the host. As an example:

ifconfig_igb1="inet AAA.AAA.AAA.1 netmask 255.255.255.0"
defaultrouter="AAA.AAA.AAA.1"
ifconfig_igb2="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_igb4="UP"
ifconfig_igb5="UP"
ifconfig_igb6="UP"
ifconfig_igb7="UP"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto lacp laggport igb4 laggport igb5 laggport igb6 laggport igb7 192.168.12.14/24"


The jail is then set with its jail.conf file as such:

jailname {
host.hostname       =  "jailname";
ip4.addr            =  "igb1|AAA.AAA.AAA.2/24";
ip4.addr            += "igb2|192.168.10.21/24";
ip4.addr            += "lagg0|192.168.12.32/24";
path                =  "/usr/jail/jailname";
exec.start          =  "/bin/sh /etc/rc";
exec.stop           =  "/bin/sh /etc/rc.shutdown";
exec.consolelog     =  "/var/log/jail.jailname.console.log";
mount.devfs;
}


My interfaces are igb#; yours are em0.
Apache is set to listen to;

Listen :80

If the Apache setup is not complex it should just work on all IPs. If you
are running vhosts you will need to specify ServerName and/or
ServerAliases in Apache.

If the jail requires a different gateway than the defaultrouter then you
will need to set up FIBs.


Chris


> On Mar 23, 2018, at 3:17 PM, joerg_surmann <joerg_surmann@elektropost.org> wrote:
>
> Hi,
>
> thanks for your help.
>
> I can't find a solution.
>
> But I have found a strange IP config.
>
> in rc.conf on the host (not jail):
>
> ifconfig_vmx0_alias1="inet 192.168.100.2  netmask 255.255.255.0"
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>
> ifconfig on the host says:
> inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
> inet 192.168.100.2  netmask 0xffffffff broadcast 192.168.100.2
>
> ifconfig says /32 for both IPs.
>
> Maybe that's the reason Apache is unavailable.
>
> ifconfig inside the jail says the same.
>
> I'm a little bit confused.
>
> On 23.03.2018 at 18:25, Marek Zarychta wrote:
>> On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann wrote:
>>> Hi all,
>>>
>>> I have a problem understanding how to manage 2 networks inside a jail.
>>>
>>> I have created a jail (using ezjail) with an alias IP. In rc.conf (on
>>> host):
>>>
>>> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
>>> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0"  <- this is the jail IP
>>>
>>> Inside the jail apache24 is running.
>>>
>>> Now I add a new NIC to the system. In rc.conf (on host):
>>> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>>>
>>> In /usr/local/etc/ezjail/myjail.conf I add the new IP:
>>> export jail_myjail_ip="192.168.100.2,213.70.80.92"
>>>
>>> Restart the jail and ifconfig looks fine.
>>> vmx0 -> inet 192.168.100.2
>>> em0  -> inet 213.70.80.92
>>>
>>> Apache listens on all NICs (<VirtualHost *:80>), but I can see my
>>> website only via 192.168.100.2 from the internal network.
>>>
>>> The host is behind a firewall. The IP 213.70.80.92 is enabled for
>>> incoming traffic.
>>>
>>> When I give the hostname in a browser I get "connection timeout".
>>>
>>> What needs to be done so that the host is accessible from the Internet?
>>>
>> Hi Joerg,
>>
>> I guess your host has default gw reachable via vmx0 and second interface
>> em0 is connected and was reachable at least from firewall protecting
>> address 213.70.80.92? If it is true then you should add:
>>
>> to /usr/local/etc/ezjail/myjail.conf
>> export jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
>> export jail_myjail_fib="1"
>>
>> to /etc/rc.conf
>> static_routes="net_jails"
>> route_net_jails="default 213.70.80.x -fib 1"
>>
>> to /boot/loader.conf
>> net.fibs="2"
>>
>> Eventually take a look at setfib(1) and also consider migrating em
>> adapter to second vmx which should be faster and more flexible.
>>
>> IMHO this questions should be asked rather on freebsd-net list than
>> here.
>
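
The FIB setup suggested in the thread, expressed for a plain jail.conf jail like the one in the reply instead of ezjail. This is an added example, not part of any poster's message: the jail path is an assumption, <em0-gateway> is a placeholder for the router on the em0 subnet (the thread only gives it as 213.70.80.x), and the addresses and jail name are the ones quoted in the thread.

```conf
# --- /boot/loader.conf (host) ---
# Two routing tables: FIB 0 stays the host's, FIB 1 is for the jail.
# Takes effect at the next boot.
net.fibs="2"

# --- /etc/rc.conf (host) ---
# The host's own defaultrouter (FIB 0, via vmx0) is left unchanged.
# A second default route is installed into FIB 1 only.
# <em0-gateway> is a placeholder, replace it with the em0-side router.
static_routes="net_jails"
route_net_jails="default <em0-gateway> -fib 1"

# --- /etc/jail.conf (host) ---
myjail {
    host.hostname   = "myjail";
    path            = "/usr/jails/myjail";    # assumed location
    # One address per interface; "iface|addr" tells jail(8) which
    # interface receives the alias when the jail starts.
    ip4.addr        = "vmx0|192.168.100.2/24";
    ip4.addr       += "em0|213.70.80.92/24";
    # Run every jail process against routing table 1, so replies to
    # traffic arriving on em0 leave through the em0-side gateway.
    exec.fib        = 1;
    exec.start      = "/bin/sh /etc/rc";
    exec.stop       = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail.myjail.console.log";
    mount.devfs;
}

# --- Checks to run on the host after reboot and jail start ---
#   sysctl net.fibs                  number of routing tables available
#   setfib 1 netstat -rn -f inet     default route as seen from FIB 1
#   jls -j myjail ip4.addr           addresses the jail is restricted to
```

Services in the jail can bind only to the addresses listed in ip4.addr, so that list is also the jail's full network exposure on both interfaces.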



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A73D34E8-D11C-4331-B6F8-67228830DAD7>