tail -f /var/log/httpd-access.log 192.168.100.2 - - [23/Mar/2018:13:12:10 +0000] "OPTIONS * HTTP/1.0" 200 - 192.168.100.2 - - [23/Mar/2018:15:12:02 +0000] "OPTIONS * HTTP/1.0" 200 - 213.70.80.92 - - [23/Mar/2018:15:33:07 +0000] "OPTIONS * HTTP/1.0" 200 - 213.70.80.92 - - [23/Mar/2018:15:33:08 +0000] "OPTIONS * HTTP/1.0" 200 - 213.70.80.92 - - [23/Mar/2018:15:33:09 +0000] "OPTIONS * HTTP/1.0" 200 - 213.70.80.92 - - [23/Mar/2018:15:35:37 +0000] "GET / HTTP/1.1" 302 209 213.70.80.92 - - [23/Mar/2018:15:35:44 +0000] "OPTIONS * HTTP/1.0" 200 - 213.70.80.92 - - [23/Mar/2018:15:35:45 +0000] "OPTIONS * HTTP/1.0" 200 - 213.70.80.92 - - [23/Mar/2018:15:35:46 +0000] "OPTIONS * HTTP/1.0" 200 - 213.70.80.92 - - [23/Mar/2018:15:58:05 +0000] "GET / HTTP/1.1" 302 209 tail -f /var/log/httpd-error.log [Fri Mar 23 12:08:18.142835 2018] [mpm_prefork:notice] [pid 18904] AH00163: Apache/2.4.29 (FreeBSD) OpenSSL/1.0.2k-freebsd PHP/7.1.15 configured -- resuming normal operations [Fri Mar 23 12:08:18.142925 2018] [core:notice] [pid 18904] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT' [Fri Mar 23 12:30:19.005654 2018] [mpm_prefork:notice] [pid 18904] AH00169: caught SIGTERM, shutting down [Fri Mar 23 12:31:11.111900 2018] [ssl:warn] [pid 2542] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] [Fri Mar 23 12:31:11.847515 2018] [mpm_prefork:notice] [pid 2542] AH00163: Apache/2.4.29 (FreeBSD) OpenSSL/1.0.2k-freebsd PHP/7.1.15 configured -- resuming normal operations [Fri Mar 23 12:31:11.847589 2018] [core:notice] [pid 2542] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT' [Fri Mar 23 15:32:08.238227 2018] [mpm_prefork:notice] [pid 2542] AH00169: caught SIGTERM, shutting down [Fri Mar 23 15:32:08.414689 2018] [ssl:warn] [pid 40920] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] [Fri Mar 23 15:32:08.716943 2018] [mpm_prefork:notice] [pid 40920] AH00163: Apache/2.4.29 (FreeBSD) OpenSSL/1.0.2k-freebsd PHP/7.1.15 configured -- resuming normal operations [Fri Mar 23 15:32:08.717018 2018] [core:notice] [pid 40920] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT jls -v JID Hostname Path Name State CPUSetID IP Address(es) 2 apache24 /usr/jails/apache24 apache24 ACTIVE 3 192.168.100.2 213.70.80.92 jls -s devfs_ruleset=0 enforce_statfs=2 host=new ip4=disable ip6=disable jid=2 name=apache24 osreldate=1101001 osrelease=11.1-RELEASE path=/usr/jails/apache24 nopersist securelevel=-1 sysvmsg=disable sysvsem=disable sysvshm=disable allow.nochflags allow.mount allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.raw_sockets allow.noset_hostname allow.nosocket_af allow.nosysvipc children.max=0 host.domainname="" host.hostid=0 host.hostname=apache24 host.hostuuid=00000000-0000-0000-0000-000000000000 Am 23.03.2018 um 16:58 schrieb Miroslav Lachman: > Joerg Surmann wrote on 2018/03/23 16:45: >> Thanks for replay. >> >> netstat -an | egrep 'tcp4.*80 .*LISTEN' >> say: >> netstat: kvm not available: /dev/mem No such file or directory <- is >> inside a jail. >> tcp4 0 0 *.80 *.* LISTEN >> >> grep -i Listen /usr/local/etc/apache24/httpd.conf >> >> Listen 80 >> Listen 443 >> >> From the internal IP is no Problem. >> You are right. I'm not sure on wich IP's Apache is listening. >> >> I have change the Listen directive to the external IP in httpd.conf >> Listen 213.70.80.92:80 >> >> netstat -an | egrep 'tcp4.*80 .*LISTEN' >> now say: >> tcp4 0 0 213.70.80.92:80 *.* LISTEN >> >> But apache is not availble from Internet. >> From Intranet... no Problem. >> >> When i use tcpdump on Host i can see Traffic. >> >> Whats wrong? > > That's strange. > > Listen 80 and Listen 443 is OK, it is the same as > Listen *:80 > Listen *:443 > and as you see with netstat, Apache was listening on both IPs: > *.80 *.* LISTEN > > Do you have something listening on port 80 in the Host? > > What netstat shows in the host? > > Also check Apache log files. If you didn't configure virtual host, > then you have just these two log files: > /var/log/httpd-access.log > /var/log/httpd-error.log > > Use tail and then try to access your website from the internet > > # tail -f /var/log/httpd-*.log > > Please send what "jls -v" in the Host will show you. (there should be > 2 IPs for your jail) or "jls -s" (replace any sensitive informations > if you want) > > And move this discussion to proper mailing list: > freebsd-jail_at_FreeBSD.org > > Miroslav Lachman > > >> Am 23.03.2018 um 16:07 schrieb Miroslav Lachman: >>> Joerg Surmann wrote on 2018/03/23 13:49: >>>> Hi all, >>>> >>>> I have a Problem to understund how to manage 2 Networks inside a Jail. >>>> >>>> i have create a jail (using ezjail) with a alias IP. >>>> in rc.conf (on Host): >>>> >>>> ifconfig_vmx0="inet 192.168.100.1 netmask 255.255.255.0" >>>> ifconfig_vmx0_alias0="inet 192.168.100.2 netmask 255.255.255.0" <- >>>> this >>>> is the jail ip >>>> >>>> Inside the jail running apachhe24. >>>> >>>> Now i add a new NIC to the System. >>>> in rc.conf (on Host): >>>> ifconfig_em0="inet 213.70.80.92 netmask 255.255.255.0" >>>> >>>> in /usr/local/etc/ezjail/myjail.conf: >>>> i add the new ip >>>> export jail_myjail_ip="192.168.100.2,213.70.80.92" >>>> >>>> Restart the jail and ifconfig looks fine. >>>> vmx0 -> inet 192.168.100.2 >>>> em0 -> inet 213.70.80.92 >>>> >>>> Apache Listen on all NIC's (<VirtualHost *:80>) >>>> But i can see my Website only via 192.168.100.2 from intern Network. >>>> >>>> The Host is behind a Firewall. >>>> The IP 213.70.80.92 is enabled for incomming Traffic. >>>> >>>> When i give the Hostname in a Browser i become "connection Timeout". >>>> >>>> What is to do that the Host is accessable from Inet? >>> >>> Are you sure Apache is listening on both IPs? >>> >>> What netstat says? >>> >>> # netstat -an | egrep 'tcp4.*80 .*LISTEN' >>> >>> Also check what you have in httpd.conf for Listen directive >>> >>> # grep -i Listen /usr/local/etc/apache24/httpd.conf >>> >>> I am not using ezjail, I am using jail.conf >>> >>> costa { >>> host.hostname = "costa.example.com"; >>> ip4.addr = AA.BB.CCC.DDD; >>> ip4.addr += 192.168.222.57; >>> } >>> >>> Real IP was replaced with AA.BB.CCC.DDD >>> >>> And it works. Services inside jail must be listening on both IPs or >>> wildcard * (0.0.0.0) >>> >>> And be sure to disable hosts services to listen on IPs and ports you >>> want to be served from jail.
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:15 UTC