Date: Thu, 7 Mar 2013 13:29:44 +0100
From: Yoann Gini <yoann.gini@gmail.com>
To: Boris Samorodov <bsam@passap.ru>
Cc: freebsd-jail@freebsd.org
Subject: Re: IPv4 addresses clash / jails not working after reboot…
Message-ID: <B2490966-A735-4016-9176-19ABD576E485@gmail.com>
In-Reply-To: <513864D5.1070900@passap.ru>
References: <AB3DFF28-207C-44B1-AEF4-4331B7959436@gmail.com> <55865.68.255.104.38.1362619385.squirrel@cosmo.uchicago.edu> <6C130E1F-6CDC-4328-A300-5B483B8B4940@gmail.com> <513864D5.1070900@passap.ru>

On 7 March 2013 at 10:58, Boris Samorodov <bsam@passap.ru> wrote:

> 07.03.2013 12:48, Yoann Gini wrote:
>
>> I need to share this IP, I’ve only one and I would like to avoid playing with NAT…
>
> One IP may be shared but for different services (ports).

That’s what I’ve understood and what I’ve planned.

>> If someone has an idea…
>
> Give some more information:
> 1. OS version, OS arch.

FreeBSD srv0.public.example.com 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

> 2. Jail configuration (at least one) from /etc and LOCALBASE/etc/ezjail.

What do you want in /etc? Except the fstab, I don’t see any config here. The fstab looks like this:

/home/jails/basejail /home/jails/front0.public.example.com/basejail nullfs ro 0 0
/usr/ports /home/jails/front0.public.example.com/usr/ports nullfs ro 0 0

And here is the ezjail config:

export jail_front0_public_example_com_hostname="front0.public.example.com"
export jail_front0_public_example_com_ip="IPv6Prefix::80,SharedIPv4,10.42.0.2"
export jail_front0_public_example_com_rootdir="/home/jails/front0.public.example.com"
export jail_front0_public_example_com_exec_start="/bin/sh /etc/rc"
export jail_front0_public_example_com_exec_stop=""
export jail_front0_public_example_com_mount_enable="YES"
export jail_front0_public_example_com_devfs_enable="YES"
export jail_front0_public_example_com_devfs_ruleset="devfsrules_jail"
export jail_front0_public_example_com_procfs_enable="YES"
export jail_front0_public_example_com_fdescfs_enable="YES"
export jail_front0_public_example_com_image=""
export jail_front0_public_example_com_imagetype=""
export jail_front0_public_example_com_attachparams=""
export jail_front0_public_example_com_attachblocking=""
export jail_front0_public_example_com_forceblocking=""
export jail_front0_public_example_com_zfs_datasets=""
export jail_front0_public_example_com_cpuset=""
export jail_front0_public_example_com_fib=""

> 3. What do you want to achieve.

I want a setup with:
— srv0 listens only for SSH on an alternate port for supervision on public IPv4/6;
— front0 to handle any public services (web, DNS, e-mail) on public IPv4/6;
— service0 to handle internal services (git, redmine, AFP sharepoints…) on private IP and SSH on another alternate port on public IPv4/6;
— gateway0 to act as a VPN server and webproxy to secure access to private services on service0 and act as a secure gateway to encrypt network traffic for road-warriors on public network.

In the end, I will dispatch those services on different servers, but for now I only have access to one system, so I would like to prepare the setup to be dispatched on different hardware when the budget comes.

Actually, if I remove the SharedIPv4 from the jails, it works.

I’ve investigated more on the open socket area and I think the problem comes from Apache, which still listens on *:* even if I’ve set a Listen directive…
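
Added example (not part of the original message, and not ezjail's own code): a small audit of `sockstat -4 -l` style output that lists every listener able to answer on the shared IPv4 address, bound either to it or to the wildcard, and reports ports claimed by more than one distinct listener. The sample output is constructed, and `192.0.2.10` is an assumed stand-in for the `SharedIPv4` placeholder in the message.

```shell
#!/bin/sh
# Audit listening IPv4 sockets for port clashes on an address shared by host and jails.
# Expected input columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample data, not taken from the original message.
# 192.0.2.10 is an assumed stand-in for the SharedIPv4 placeholder.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      1411  3  tcp4   *:80                  *:*
www      httpd      1412  3  tcp4   *:80                  *:*
root     sshd       902   4  tcp4   192.0.2.10:2222       *:*
www      httpd      2310  3  tcp4   192.0.2.10:80         *:*
bind     named      1780  20 udp4   10.42.0.2:53          *:*
root     sshd       2502  4  tcp4   10.42.0.2:22          *:*
EOF
}

# Print "proto port addr command pid" for each listener bound to the shared
# address ($1) or to the wildcard; listeners on other addresses are ignored.
shared_listeners() {
    awk -v ip="$1" '
        NR == 1 && $1 == "USER" { next }      # skip the header line
        {
            n = split($6, a, ":")             # local address is addr:port
            port = a[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (addr == "*" || addr == ip)
                print $5, port, addr, $2, $3
        }'
}

# Print "proto port" for ports claimed by more than one distinct
# (address, command) pair. Worker processes that inherited the same socket
# (same command, same address) are counted once.
clashing_ports() {
    shared_listeners "$1" | awk '
        { key = $1 " " $2; id = $3 " " $4
          if (!((key, id) in seen)) { seen[key, id] = 1; count[key]++ } }
        END { for (k in count) if (count[k] > 1) print k }' | sort
}

# Demo on the constructed sample.
sample_sockstat | clashing_ports 192.0.2.10
```

On the host, live data can be checked with `sockstat -4 -l | clashing_ports <shared address>`.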