# Websites resolves on host IP instead of jail IP



## DotNaBox (Apr 25, 2012)

Hello everyone,

New FreeBSD user here. I've been aware of its existence for some time, but, at the encouragement of my supervisor, I've decided to jump in and see what it's all about. My first project has been to get a mailman list set up in a jailed environment. 

With the help of several sites, I have been able to successfully get FreeBSD installed and my jail configured. I currently have Apache running in the jail, but have hit a snag that I am unable to move past. The "It works!" verification page comes up when I use the IP of my host instead of my jail. Below are (I think) the files that will help clarify things.

/etc/rc.conf on HOST:

```
#cat /etc/rc.conf
hostname="bsd-01"
ifconfig_de0=" inet 192.168.220.167 netmask 255.255.255.0"
defaultrouter="192.168.220.254"
dumpdev="AUTO"

cloned_interfaces="lo1"
ifconfig_lo1="inet 192.168.220.168 netmask 255.255.255.255"

pf_enable="YES"
pf_rules="/etc/pf.conf"

ezjail_enable="YES"
```

/etc/pf.conf on HOST:

```
# cat /etc/pf.conf
ext_if="de0"
int_if="lo1"
jailnet=$int_if:network

MAILMAN="192.168.220.168"

nat on $ext_if from $jailnet to any -> ($ext_if)

rdr pass on $ext_if inet proto tcp to port http -> $MAILMAN port http
```

/etc/rc.conf on JAIL:

```
# cat /etc/rc.conf
apache22_enable="YES"
apache22_http_accept_enable="YES"
hostname="mailman.my_department.university.edu"
rpcbind_enable="NO"
syslogd_flags="-ss"
clear_tmp_enable="YES"
```

My main concern is figuring out why my site resolves on 192.168.220.167 (host) and not 192.168.220.168 (jail), but I am open to any other suggestions/readings related to what I'm working toward.


----------



## SirDice (Apr 26, 2012)

Edit your httpd.conf, look for the Listen directive. Make sure Apache is bound to the IP address of your jail.

You can remove the PF configuration, both your host and your jail are on the same 192.168.220.0/24 subnet so there's no need for NAT or redirections.

Remove the cloned lo1 interface too, you don't need it. Alias the IP address of the jail on de0.

You _can_ use lo1 but it has to be in a different subnet from de0. If you do that than you do need the NAT. But for a simple setup this isn't needed.


----------



## DotNaBox (Apr 26, 2012)

SirDice,

Thank you for the sound advice about aliases. That definitely did the trick! I am now up and running with exactly what I need.


----------

