Jail: unable to connect to apache from Internet

Hi,

The jail is configured to use a static public IP. SSH can be reached on port 22 from the Internet. However, apache24 is unreachable with a 'no route to host' (telnet) error. How can I troubleshoot? TIA.

Code:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      7922  3  tcp4   *:80                  *:*
www      httpd      7922  4  tcp4   *:443                 *:*
www      httpd      7921  3  tcp4   *:80                  *:*
www      httpd      7921  4  tcp4   *:443                 *:*
www      httpd      7920  3  tcp4   *:80                  *:*
www      httpd      7920  4  tcp4   *:443                 *:*
www      httpd      7919  3  tcp4   *:80                  *:*
www      httpd      7919  4  tcp4   *:443                 *:*
www      httpd      7918  3  tcp4   *:80                  *:*
www      httpd      7918  4  tcp4   *:443                 *:*
root     httpd      7916  3  tcp4   *:80                  *:*
root     httpd      7916  4  tcp4   *:443                 *:*
root     sshd       7170  3  tcp4   *:22               *:*
root     sendmail   13722 3  tcp4   127.0.1.10:25         *:*
mysql    mysqld     13678 19 tcp4   *:33060               *:*
 
Run on the host and in the jail,
Code:
netstat -rn
Verify a route exists from the jail towards the host IP-address.
Verify a route exists from the host IP-address to the jail.
 
Here is the result. But doesn't ssh reach the jail the same way?

Code:
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
JAIL-IP            link#1             UH          lo0
127.0.1.6          link#6             UH          lo1
192.168.50.2       link#2             UH          lo0
 
Firewall blocking traffic?
The main host is using static IP_A, the jail is assigned IP_B. These IPs are bound to interface bce0. A pf rdr rule was redirecting 80, 443 to a VM:

Code:
ext_if="bce0"
rdr on $ext_if proto tcp from any to any port {48338} -> 192.168.8.4

So the incoming traffic on 80 and 443 is actually forwarded to the VM rather than the jail. After removing the ports from the rdr rule, the problem was solved (or specify the "to" IP).
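An added example, not part of the thread: a small audit that checks whether an `rdr` rule takes traffic meant for a jail's listening ports, which is the condition described in the post above. The rule strings and the 203.0.113.x addresses (standing in for IP_A and IP_B) are constructed, and the parser assumes single-line rules with numeric ports and no macros or tables.

```python
import re

# Simplified matcher for single-line rdr rules shaped like the one in the thread.
# Assumption: numeric ports only, no macros, tables or port ranges.
RDR = re.compile(
    r"^rdr\s+on\s+(?P<iface>\S+)\s+proto\s+(?P<proto>\S+)\s+from\s+\S+\s+"
    r"to\s+(?P<dst>\S+)\s+port\s+(?P<ports>\{[^}]*\}|\S+)\s+->\s+(?P<target>\S+)"
)

def parse_ports(spec):
    """Turn '{80, 443}' or '80' into a set of ints."""
    return {int(p) for p in re.split(r"[,\s]+", spec.strip("{} ")) if p}

def shadowed_services(pf_conf, jail_ip, jail_ports):
    """Return (rule, ports) pairs where an rdr rule would take traffic
    addressed to jail_ip on a port the jail is listening on."""
    findings = []
    for line in pf_conf.splitlines():
        m = RDR.match(line.strip())
        if not m:
            continue
        # 'to any' matches every destination address, including the jail's.
        if m["dst"] not in ("any", jail_ip):
            continue
        hit = parse_ports(m["ports"]) & set(jail_ports)
        if hit:
            findings.append((line.strip(), sorted(hit)))
    return findings

# Constructed sample rules; the addresses are documentation placeholders.
BROAD = "rdr on bce0 proto tcp from any to any port {80, 443, 48338} -> 192.168.8.4"
SCOPED = "rdr on bce0 proto tcp from any to 203.0.113.10 port {80, 443, 48338} -> 192.168.8.4"
JAIL_IP = "203.0.113.20"
JAIL_PORTS = [22, 80, 443]  # sshd and httpd, as in the socket listing above

if __name__ == "__main__":
    for name, rule in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, shadowed_services(rule, JAIL_IP, JAIL_PORTS))
```

Port 22 never appears in the findings because no redirect covers it, which is why SSH kept working while 80 and 443 did not.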
 