Hi!
I've recently begun trying to set up a jail for my webserver, and I can't get it to function correctly.
The host is running a jail on a specific IP. It is also used as a firewall for my LAN and the setup looks like this:
Internet <--fxp0--> FreeBSD server (host) <--rl0--> LAN
I have got it running so that it's able to connect from my LAN; it works without any problems (when I type 192.168.1.5:8080 in the browser it accesses the jail). But I can't get it to connect from the internet. I have configured the firewall/NATd to forward the packets to my jail server address, and since I have other forwarding in place that works it can't be a firewall problem. I investigated the problem (at least as far as I am capable) and it seems that packets reach the firewall and get through, but the jail doesn't respond to the initial handshake, but I'm not sure what is causing that.
I would be glad to get some help with this since I have been trying day after day with different configurations.
regards
fisk
Also, hosts and resolv.conf are updated with correct information.
My configuration
Host (rl0 = lan, fxp0 = internet):
host: 83.xx.xx.xx
jail: 192.168.1.5
rc.conf (snippet)
Code:
ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
ifconfig_fxp0="DHCP"
ifconfig_fxp0_alias0="inet 192.168.1.5 netmask 0xffffffff"
gateway_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
# Jails
jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="www" # Space separated list of names of jails
jail_interface="fxp0"
jail_www_rootdir="/usr/jail/www" # jail's root directory
jail_www_hostname="www.local" # jail's hostname
jail_www_ip="192.168.1.5" # jail's IP address
jail_www_devfs_enable="YES" # mount devfs in the jail
jail_www_devfs_ruleset="www_ruleset" # devfs ruleset to apply to jail
natd.conf
Code:
#log
#verbose
dynamic yes
use_sockets yes
same_ports yes
# Redirections
redirect_port tcp 192.168.1.5:8080 8080
#redirect_address tcp 192.168.1.5 83.xx.xx.xx
jail:
rc.conf
Code:
network_interfaces=""
rpcbind_enable="NO"
hostname="www.local"
clear_tmp_enable="YES"
securelevel_enable="YES"
kern_securelevel="3"
apache22_enable="YES"
httpd.conf (snippet)
Code:
#Listen 192.168.1.5:8080
Listen 8080