# Host unable to load web pages from Jail - 408



## unknownuser (Jan 23, 2017)

Hello everyone.

I have a Windows 10 Workstation where I run a FreeBSD 10.3 Guest server over VMWare 12. This FreeBSD VM is meant to run multiple Apache/PHP/Wordpress instances on multiple jails.

The FreeBSD guest is bridged through the HOST Ethernet NIC, where the HOST has the IP 192.168.1.195, the FreeBSD guest has the IP 192.168.1.100 and Jails fall under 10.1.0.0/24 subnet.

The issue I am having is specifically related to the Windows 10 HOST which is unable to load any contents neither from apache24 nor nginx. The result is pretty much the same with both. Browser will say that is unable to reach the site and that the connection was resetted. The webserver on the jails can be reached without any issues from any other devices inside the LAN and outside to other subnets. Again, the problem is only with the Host.

# /var/log/httpd-access.log where the HOST is asking for a file / folder


```
10.1.0.2 - - [20/Jan/2017:16:42:16 -0600] "OPTIONS * HTTP/1.0" 200 -
192.168.1.195 - - [20/Jan/2017:16:42:17 -0600] "GET /wordpress/wp-admin/ HTTP/1.1" 302 -
192.168.1.195 - - [20/Jan/2017:16:42:37 -0600] "-" 408 -
192.168.1.195 - - [20/Jan/2017:16:42:37 -0600] "-" 408 -
```

# /var/log/httpd-access.log where another device is asking for a file / folder; ip 192.168.1.128


```
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-admin/ HTTP/1.1" 302 -
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-admin/install.php HTTP/1.1" 200 6060
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-includes/css/buttons.min.css?ver=4.7.1 HTTP/1.1" 200 6361
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-admin/css/install.min.css?ver=4.7.1 HTTP/1.1" 200 5966
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-includes/css/dashicons.min.css?ver=4.7.1 HTTP/1.1" 200 46364
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1" 200 10056
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-includes/js/zxcvbn-async.min.js?ver=1.0 HTTP/1.1" 200 324
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-admin/js/password-strength-meter.min.js?ver=4.7.1 HTTP/1.1" 200 784
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-includes/js/underscore.min.js?ver=1.8.3 HTTP/1.1" 200 16410
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-includes/js/wp-util.min.js?ver=4.7.1 HTTP/1.1" 200 1046
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1" 200 97184
192.168.1.1 - - [20/Jan/2017:16:41:15 -0600] "GET /wordpress/wp-admin/js/user-profile.min.js?ver=4.7.1 HTTP/1.1" 200 6224
192.168.1.1 - - [20/Jan/2017:16:41:16 -0600] "GET /wordpress/wp-admin/images/wordpress-logo.svg?ver=20131107 HTTP/1.1" 200 1521
192.168.1.1 - - [20/Jan/2017:16:41:16 -0600] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.1 - - [20/Jan/2017:16:41:16 -0600] "GET /wordpress/wp-includes/js/zxcvbn.min.js HTTP/1.1" 200 698728
```

Upon close inspection Wireshark points me to this _keep-alive timeout=5 max=100





_At this point I increased timeout time in apache configuration but it didn't make any difference


```
KeepAlive on
KeepAliveTimeout 60
MaxKeepAliveRequests 100
TimeOut 600
```

Could this be related with the NAT and network settings? My gateway is a OpenWrt router ip 192.168.1.1, the Windows 10 HOST connects to it and bridges the connection with FreeBSD 10.3 Guest with ip 192.168.1.100 and the FreeBSD guest does NAT to the jails.

Here is my pf.conf


```
$ cat /etc/pf.conf
ext_if="em0"
jail_if="lo1"

IP_PUB="192.168.1.100"
IP_JAIL_bsdsrv1="10.1.0.1"

NET_JAIL="10.1.0.0/24"

#PORT_WWW="{80,443}"

scrub in all

# nat all jail traffic
nat pass on $ext_if from $NET_JAIL to any -> $IP_PUB

# WWW
#rdr pass on $ext_if proto tcp from any to $IP_PUB port $PORT_WWW -> $IP_JAIL_WWW

# Allow ICMP ping
pass inet proto icmp from any to any

# demo only, passing all traffic
pass out
pass in
```

While on my OpenWrt gw fw side I have


```
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.1.0.0/24 -j MASQUERADE
```

Lastly, here is my httpd.conf configuration should anyone wants to see it http://pastebin.com/Vk2ZsAXs . Again I have the same issue with nginx on the other jail and the problem reflect only with the HOST.

Thanks in advantage.


----------

