Jail -- cannot reach from outside

After more reading I finally have a jail installed on 10.1.1.1 and was able to install Apache from ports from inside the jail. However, I cannot reach it from outside.

Setup is a Linksys router 192.168.100.1 as the gateway and the FreeBSD host has an IP of 192.168.100.100. The jail is on lo1 with 10.1.1.1. Linksys is not doing DHCP.

I have a nat rule and rdr rule in /etc/pf.conf:
nat on re0 from 10.1.1.0/24 to any -> (re0)
rdr on re0 proto tcp from 0/32 to any port 80 -> 10.1.1.1

In the httpd.conf the ServerName is set like example.com and is listening on port 80.
 
You will need to configure your Linksys router to forward port 80 to 192.168.100.100:80.

I would ditch the nat/rdr on the fbsd box however and attach the jail to re0 using a 192.168.100.0/24 address. That'll make it a bit easier to configure.
 
Have a pf rule to allow only http traffic to 192.168.100.101 which is the re0_alias0? Block all other inbound traffic?
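An added example, not posted by anyone in the thread: a pf.conf for the layout discussed above, with the jail bound to the re0 alias 192.168.100.101, only HTTP allowed in to it, and all other inbound traffic dropped. The macro names and the LAN-only SSH rule for the host are assumptions.

```pf
# Added example, not from the thread.
# Assumes the jail is bound to 192.168.100.101 as an alias on re0
# and the host itself stays on 192.168.100.100.

ext_if  = "re0"
jail_ip = "192.168.100.101"   # re0 alias used by the jail
host_ip = "192.168.100.100"   # FreeBSD host
lan_net = "192.168.100.0/24"  # network behind the Linksys router

# Do not filter the loopback interface; host <-> jail traffic for a
# local alias is delivered over it.
set skip on lo0

# Default deny for anything arriving on re0, logged to pflog0 so that
# dropped connections can be reviewed with tcpdump -n -e -i pflog0.
block in log on $ext_if all

# Host and jail may open outbound connections (ports, pkg, DNS).
pass out on $ext_if all keep state

# The only service exposed: HTTP to the jail's address.
pass in on $ext_if inet proto tcp from any to $jail_ip port 80 \
    flags S/SA keep state

# Assumption: the host is administered over SSH from the LAN only.
pass in on $ext_if inet proto tcp from $lan_net to $host_ip port 22 \
    flags S/SA keep state
```

With this layout there is no nat or rdr on the FreeBSD box, so the router's port 80 forward has to target the jail's address rather than the host's. `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sr` lists the rules that are active after a reload.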
 
I never bother with firewalling my internal machines. They're behind a firewall on my internet gateway.
 