thr3ads.net - freebsd stable - Two NIC's inside a Jail [Mar 2018]

If this information is useful, please help other people find it:
Share via:

Marek Zarychta

2018-Mar-23 17:25 UTC

Two NIC's inside a Jail

On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann
wrote:> Hi all,
> 
> I have a Problem to understund how to manage 2 Networks inside a Jail.
> 
> i have create a jail (using ezjail) with a alias IP.  in rc.conf (on
> Host):
> 
> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0"?
<-
> this is the jail ip
> 
> Inside the jail running apachhe24.
> 
> Now i add a new NIC to the System.  in rc.conf (on Host):
> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
> 
> in /usr/local/etc/ezjail/myjail.conf: i add the new ip export
> jail_myjail_ip="192.168.100.2,213.70.80.92"
> 
> Restart the jail and ifconfig looks fine.  vmx0 -> inet 192.168.100.2
> em0? -> inet 213.70.80.92
> 
> Apache Listen on all NIC's (<VirtualHost *:80>) But i can see my
> Website only via 192.168.100.2 from intern Network.
> 
> The Host is behind a Firewall.  The IP? 213.70.80.92 is enabled for
> incomming Traffic.
> 
> When i give the Hostname in a Browser i become "connection
Timeout".
> 
> What is to do that the Host is accessable from Inet?
> 
Hi Joerg, 

I guess your host has default gw reachable via vmx0 and second interface
em0 is connected and was reachable at least from firewall protecting
address 213.70.80.92? If it is true then you should add: 

to /usr/local/etc/ezjail/myjail.conf 
export
jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
export jail_myjail_fib="1"

to /etc/rc.conf
static_routes="net_jails"
route_net_jails="default 213.70.80.x -fib 1"

to /boot/loader.conf
net.fibs="2"

Eventually take a look at setfib(1) and also consider migrating em
adapter to second vmx which shuld be faster and more flexible.

IMHO this questions should be asked rather on freebsd-net list than
here.
-- 
Marek Zarychta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL:
<http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20180323/e089f9c5/attachment.sig>

joerg_surmann

2018-Mar-23 19:17 UTC

head link

Two NIC's inside a Jail

Hi,

thanks for yor help.

I can't find a solution.

But i have find a starnge ip config.

in rc.conf on Host(not jail)

ifconfig_vmx0_alias1="inet 192.168.100.2? netmask 255.255.255.0"
ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"

ifconfig on host say:
inet 213.70.80.92 netmask 0xffffffff broadcast 213.70.80.92
inet 192.168.100.2? netmask 0xffffffff broadcast 192.168.100.2

ifconfig say to both ip's /32.

Maby that's the reason for unavailable the apache.

ifconfig iside the jail say the same.

I'm a little bit confused.



Am 23.03.2018 um 18:25 schrieb Marek Zarychta:> On Fri, Mar 23, 2018 at 04:01:30PM +0100, Joerg Surmann wrote:
>> Hi all,
>>
>> I have a Problem to understund how to manage 2 Networks inside a Jail.
>>
>> i have create a jail (using ezjail) with a alias IP.  in rc.conf (on
>> Host):
>>
>> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0"
>> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask
255.255.255.0"? <-
>> this is the jail ip
>>
>> Inside the jail running apachhe24.
>>
>> Now i add a new NIC to the System.  in rc.conf (on Host):
>> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0"
>>
>> in /usr/local/etc/ezjail/myjail.conf: i add the new ip export
>> jail_myjail_ip="192.168.100.2,213.70.80.92"
>>
>> Restart the jail and ifconfig looks fine.  vmx0 -> inet
192.168.100.2
>> em0? -> inet 213.70.80.92
>>
>> Apache Listen on all NIC's (<VirtualHost *:80>) But i can see
my
>> Website only via 192.168.100.2 from intern Network.
>>
>> The Host is behind a Firewall.  The IP? 213.70.80.92 is enabled for
>> incomming Traffic.
>>
>> When i give the Hostname in a Browser i become "connection
Timeout".
>>
>> What is to do that the Host is accessable from Inet?
>>
> Hi Joerg, 
>
> I guess your host has default gw reachable via vmx0 and second interface
> em0 is connected and was reachable at least from firewall protecting
> address 213.70.80.92? If it is true then you should add: 
>
> to /usr/local/etc/ezjail/myjail.conf 
> export
jail_myjail_ip="lo1|127.0.1.1,vmx0|192.168.100.2,em0|213.70.80.92"
> export jail_myjail_fib="1"
>
> to /etc/rc.conf
> static_routes="net_jails"
> route_net_jails="default 213.70.80.x -fib 1"
>
> to /boot/loader.conf
> net.fibs="2"
>
> Eventually take a look at setfib(1) and also consider migrating em
> adapter to second vmx which shuld be faster and more flexible.
>
> IMHO this questions should be asked rather on freebsd-net list than
> here.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20180323/82159c64/attachment.sig>

freebsd stable - Mar 2018 - Two NIC's inside a Jail

Two NIC's inside a Jail

Two NIC's inside a Jail