Hello, in short:
A jail is installed. I can start and stop it and connect to it. Inside it an Apache web server is running. A simple website exists.
Starting the jail and making a test like this works:
printf "HEAD / HTTP/1.1\r\nHost: <www.example.com>t\r\n\r\n"
also
telnet <www.example.com> 80
Code:
Trying "jail-IP"...
Connected to "jail-IP".
Escape character is '^]'.
GET /index.htm HTTP/1.1
host: www.example.com
<line feed>
[Enter]
[Enter]
Output:
Code:
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2022 16:38:00 GMT
Server: Apache..........................Webseite
Problem: doing this from outside the host does not work. I have oriented myself by this example:
https://www.ohreally.nl/2021/02/08/freebsd-jails-a-complete-example/ but using IPFW as firewall. He uses "pf". So I try to translate that to "pf", but I cannot find out what I have done wrong.
Code:
#-----------------------------------------------------------------------
# NAT for Jails (IPFW)
cmd="ipfw -q add"
nwinterface="<my vnet interface>"
${cmd} 410 nat 1 ip from any to me in via $nwinterface
${cmd} 420 nat 1 ip from Jail.IP.0.0/27 to any out via $nwinterface
#for web server ports
ipfw nat 1 config if $nwinterface redirect_port tcp Jail.IP.IP.IP:80 80
ipfw nat 1 config if $nwinterface redirect_port tcp Jail.IP.IP.IP:443 443
#
# Allow out non-secure standard www function
${cmd} 600 allow tcp from any to any 80 out via $nwinterface setup keep-state
# Allow out secure www function https over TLS SSL
${cmd} 620 allow tcp from any to any 443 out via $nwinterface setup keep-state
There are also other firewall settings, but not for NAT or for the web server. I have a web server running on the host, and with these 'other firewall settings' there are no problems for it. Of course the host's Apache is stopped when I test the jail, so the Apache ports are free for the jail.
What could be wrong in my configuration - many thanks.
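An added example, not part of the original post: the rules above run `ipfw nat 1 config` twice for the same instance, and each `config` call replaces that instance's previous configuration, so only the last redirect remains active. The script below builds a single `config` command that carries every `redirect_port`. The function name `jail_nat`, the interface `em0`, the RFC 5737 addresses and the dry-run default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed placeholder values:
# interface em0, jail 192.0.2.10 inside 192.0.2.0/27 (RFC 5737 range).
# Dry run by default: commands are only printed. Set IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo ipfw}"

# jail_nat IFACE JAIL_IP JAIL_NET PORT...   (hypothetical helper)
# Configures NAT instance 1 exactly once, with one redirect_port per TCP
# port, then adds the two NAT rules (numbers 410/420 as in the post).
jail_nat() {
    iface=$1 jail_ip=$2 jail_net=$3
    shift 3
    [ $# -gt 0 ] || { echo "jail_nat: no ports given" >&2; return 1; }

    redirects=""
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "jail_nat: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "jail_nat: port out of range '$port'" >&2; return 1
        fi
        redirects="$redirects redirect_port tcp ${jail_ip}:${port} ${port}"
    done

    # A second "nat 1 config" would replace this one, so every redirect
    # has to be part of this single command ($redirects is split on purpose).
    $IPFW nat 1 config if "$iface" $redirects || return 1
    $IPFW -q add 410 nat 1 ip from any to me in via "$iface" || return 1
    $IPFW -q add 420 nat 1 ip from "$jail_net" to any out via "$iface"
}

# Example call; with the default dry run this prints three ipfw commands.
jail_nat em0 192.0.2.10 192.0.2.0/27 80 443
```

On a live host, `ipfw nat show config` lists the redirects that are actually loaded for each instance.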