# Apache + Jail + 2 public IP = little problem



## grrr (Dec 25, 2009)

Hi

I have little problem with apache and networking on my jail


FreeBSD 8.0 RELEASE + security updates

I`ve created jail for my http server, set up apache in jail and sshd but, i cant reach them from outside world 

2 Public IP`s on 1 if, xxx.xxx.xxx.23 and yyy.yyy.yyy.25 set as alias.

Networking in jail works fine, i`ve build from ports apache and staff, i can ping sth and it works but when i want to connect from my home to that jail it dosnt work, when i connect from lan to that jail it works ( for ex from aaa.aaa.aaa.24 )

When i rdr 80 tcp port from xxx.xxx.xxx.23 to yyy.yyy.yyy.25 apache works when i open xxx.xxx.xxx.23 ( from my home )

Can someone help my with this problem ?;-)

When i try connect from jail for ex. to ssh at xxx.xxx.xxx.24 i get :

"Host key verification failed."

Sorry for my english


----------



## Anonymous (Dec 26, 2009)

xxx.xxx.xxx.xxx25 doesnt seem to be xxx.xxx.xxx.24 or xxx.xxx.xxx.26, but I'm guessing it's a typo. what happens when you try to ping the interface or telnet to port 80 or 22?


----------



## grrr (Dec 26, 2009)

both IP`s replies pings requests :xxx.xxx.xxx.23 and xxx.xxx.xxx.25 from my home

when i try ssh at xxx.xxx.xxx.25 from home i get " Connection time out", ssh at xxx.xxx.xxx.23 works great.


----------



## Anonymous (Dec 26, 2009)

So on xxx.xxx.xxx.23 you are able to ssh and view your website but when you try to do the same using the alias you get a timeout and aren't able to view the site? What's are the netmasks you are using for the two ip addresses? Have you restarted the server?


----------



## grrr (Dec 26, 2009)

Have you restarted the server?  <--- Yes 

What's are the netmasks you are using for the two ip addresses?  <--- Same netmasks 

-------------------
|   FreeBSD box   |
-------------------

from /etc/rc.conf

```
ifconfig_rl0="inet xxx.xxx.xxx.23  netmask 255.255.255.0"
ifconfig_rl0_alias0="inet xxx.xxx.xxx.25 netmask 255.255.255.0"
sshd_enable="YES" #<---- Listen xxx.xxx.xxx.23
jail_enable="YES"
jail_list="www"
jail_www_rootdir="/usr/Jails/www"
jail_www_hostname="www"
jail_www_ip="xxx.xxx.xxx.25"
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_jail"
```
 
Jail www

cat /etc/rc.conf


```
network_interfaces=""
sshd_enable="YES" #<--- Listen xxx.xxx.xxx.25
sendmail="NONE"
rpcbind_enable="NO"
```

From jail enviroment i see only xxx.xxx.xxx.25 @ rl0 if 

Now, when i want to connect from home it works only ssh to xxx.xxx.xxx.23.

If i start apache at xxx.xxx.xxx.25 [jail] and try connect from home... i get timeout, same thing when ssh but, when i rdr ports from xxx.xxx.xxx.23 [ host ] port 80 -> xxx.xxx.xxx.25 [jail]-> 80 with pf ( rdr on $ext_if proto tcp from any to xxx.xxx.xxx.23 port 80 -> xxx.xxx.xxx.25 port 80 ) apache works great, i can see my websites from home. But i dont wanna make rdr to jail becouse i have to use both IP`s with other apache installation


----------



## Anonymous (Dec 26, 2009)

try using netmask 255.255.255.255 on the alias
ref http://www.cyberciti.biz/tips/freebsd-how-to-setup-2-ip-address-on-one-nic.html


----------



## grrr (Dec 26, 2009)

with netmask 255.255.255.255 also not working


----------



## ahankinson (Dec 26, 2009)

A timeout when connecting sounds like it might be a firewall problem. Do you have any special rules for pf on port 80 other than the rdr? Could you also post your ifconfig?

I've seen the "Host key verification failed." if I'm logged in the root console of a jail and try to SSH out. Usually logging in as another user fixes it.


----------



## grrr (Dec 26, 2009)

mmm and i "solve" this problem, ISP from with i have public IP screw firewall configuration and only pass traffic to one IP xxx.xxx.xxx.23. :/ 

ssh problem solve too, ssh client dosent work when i jexec to shell and trying to make a ssh connection to another host  thanks a lot for help


----------

