# Jail -- cannot reach from outside



## gpatrick (Sep 23, 2009)

After more reading I finally have a jail installed on 10.1.1.1 and was able to install Apache from ports from inside the jail.  However, I cannot reach it from outside.

Setup is a Linksys router 192.168.100.1 as the gateway and the FreeBSD host has an IP of 192.168.100.100. The jail is on lo1 with 10.1.1.1. Linksys is not doing DHCP.

I have a nat rule and rdr rule in /etc/pf.conf:

```
nat on re0 from 10.1.1.0/24 to any -> (re0)
rdr on re0 proto tcp from 0/32 to any port 80 -> 10.1.1.1
```

In the httpd.conf the ServerName is set like example.com and is listening on port 80.


----------



## SirDice (Sep 23, 2009)

You will need to configure your Linksys router to forward port 80 to 192.168.100.100:80.

I would ditch the nat/rdr on the fbsd box however and attach the jail to re0 using a 192.168.100.0/24 address. That'll make it a bit easier to configure.


----------



## gpatrick (Sep 25, 2009)

Have a pf rule to allow only http traffic to 192.168.100.101 which is the re0_alias0? Block all other inbound traffic?


----------



## SirDice (Sep 25, 2009)

I never bother with firewalling my internal machines. They're behind a firewall on my internet gateway.


----------
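For the setup discussed in the thread (jail bound to the re0 alias 192.168.100.101, host on 192.168.100.100), a host-side pf.conf that admits only HTTP to the jail and blocks other inbound traffic could look like the following. This is an added example, not a ruleset posted by anyone in the thread; the SSH rule for managing the host from the LAN is an assumption, as is the premise that the jail is already attached to the alias address.

```conf
# /etc/pf.conf (added example, not from the thread)
# Assumes the jail listens on the re0 alias 192.168.100.101 and the
# nat/rdr rules for 10.1.1.0/24 on lo1 are no longer in use.

ext_if  = "re0"
host_ip = "192.168.100.100"    # FreeBSD host address from the thread
jail_ip = "192.168.100.101"    # re0_alias0, the jail's address
lan_net = "192.168.100.0/24"

# Do not filter the loopback interface.
set skip on lo0

# Default: drop and log everything arriving on the external interface.
block in log on $ext_if all

# Only HTTP is allowed in, and only to the jail's address.
pass in on $ext_if inet proto tcp from any to $jail_ip port 80 \
    flags S/SA keep state

# Assumption: the host is administered over SSH from the LAN. Without a
# rule like this, the default block also cuts off remote access to the host.
pass in on $ext_if inet proto tcp from $lan_net to $host_ip port 22 \
    flags S/SA keep state

# Outbound traffic from the host and jail (DNS lookups, ports fetches)
# is stateful, so replies are matched without a separate inbound rule.
pass out on $ext_if all keep state
```

The ruleset can be syntax-checked with `pfctl -nf /etc/pf.conf` before it is loaded with `pfctl -f /etc/pf.conf`.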

