# HTTP not routing through Firewall?



## Steven_R (Jul 31, 2012)

Following the suggestions by others and the documentation, I have managed to get an ezjail configuration set up on a FreeBSD 9 home server.

From the console of the FreeBSD 9 Server (p4) I am able to use Lynx to view the page of a test site residing within the jail (http://test.dev).

My problem comes when accessing the same from another PC on the same subnet as the server (p4).

Could someone more experienced with these offer some ideas as to how to get this to communicate? Am I having trouble with the firewall? 

Notes for the following:
p4 = FreeBSD9 Server (10.0.0.3)
wp = jailed webserver (10.0.1.3)
MYDOMAIN = substitution -> domain name not shown (not sure if appropriate to show domains)

Following are some of the configuration files:


```
p4# cat /etc/rc.conf 
#for jails
  cloned_interfaces="lo1"
  # wordpress jailed server
  ifconfig_lo1="inet 10.0.1.3 netmask 255.255.255.0"

  # enable port forwarding and packet filtering
  pf_enable="YES"
  pf_rules="/etc/pf.conf"

  # Jails
  ezjail_enable="YES"

#for system
hostname="p4.MYDOMAIN.com"
ifconfig_sk0=" inet 10.0.0.3 netmask 255.255.255.0"
defaultrouter="10.0.0.1"
sshd_enable="YES"
moused_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
apache22_enable="YES"
```



```
p4# cat /etc/pf.conf

#INTERFACES
ext_if="sk0"
int_if="lo1"
jailnet=$int_if:network

#NAT
nat on $ext_if from $jailnet to any -> ($ext_if)
```


```
p4# cat /etc/pound.conf 
# wp.MYDOMAIN.com

User        "pound"
Group       "pound"
LogFacility daemon
LogLevel    4
Alive       30
Client      10
TimeOut     10
Grace       10

ListenHTTP
Address 10.0.0.3
#   Address    127.0.0.1
   CheckURL   "(^\/|\.php|\.html|\.css|\.jpg|favicon\.ico|robots\.txt|\.png)$"
   HeadRemove "X-Forwarded-For" 
   MaxRequest 1024 
   Port       8081
#   Port       80
   xHTTP      0

#   Err414 "/var/www/htdocs/error/generic_error_page"
#   Err500 "/var/www/htdocs/error/generic_error_page"
#   Err501 "/var/www/htdocs/error/generic_error_page"
#   Err503 "/var/www/htdocs/error/generic_error_page"

   Service
      HeadRequire "(Host: test.dev)"
      BackEnd
         Address  10.0.1.3
         Port     8080
      End
      Emergency
       Address    10.0.0.3
       Port       8888
      End
   End
End
```


```
p4# netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.0.0.3.20202         10.0.0.2.43315         ESTABLISHED
tcp4       0      0 10.0.0.3.20202         10.0.0.2.43183         ESTABLISHED
udp4       0      0 test.dev.syslog        *.*                    
udp4       0      0 10.0.1.4.ntp           *.*                    
udp4       0      0 test.dev.ntp           *.*                    
udp4       0      0 localhost.ntp          *.*                    
udp4       0      0 10.0.0.3.ntp           *.*
```


----------



## SirDice (Aug 1, 2012)

Turn on routing, add to /etc/rc.conf:

```
gateway_enable="YES"
```


----------
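A check for the setting suggested in the reply above, added here as an example and not part of the thread: it reads an rc.conf and a pf.conf and reports whether pf is enabled with a translation rule while `gateway_enable` (which sets `net.inet.ip.forwarding=1` at boot) is not. The function names and status strings are hypothetical, and the sample files are constructed from the values in the first post.

```shell
#!/bin/sh
# rc_value FILE VAR: print the last value assigned to VAR (later lines win,
# as when rc.conf is sourced). Commented-out assignments are ignored.
# Limitation: a '#' inside a quoted value is treated as a comment start.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'"
}

# rc_yes FILE VAR: accept the same spellings rc.subr's checkyesno accepts.
rc_yes() {
    case "$(rc_value "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# has_translation FILE: true if pf.conf has an active nat, rdr or binat rule.
has_translation() {
    grep -Eq '^[[:space:]]*(nat|rdr|binat)[[:space:]]' "$1"
}

# audit_forwarding RC_CONF PF_CONF: print a status word; non-zero on mismatch.
audit_forwarding() {
    rc_yes "$1" pf_enable || { echo "pf-disabled"; return 0; }
    has_translation "$2" || { echo "no-translation-rules"; return 0; }
    if rc_yes "$1" gateway_enable; then
        echo "ok"
    else
        echo "nat-without-forwarding"
        return 1
    fi
}

# Constructed sample input, reduced from the configuration in the first post.
tmp=$(mktemp -d)
cat > "$tmp/rc.conf" <<'EOF'
  cloned_interfaces="lo1"
  ifconfig_lo1="inet 10.0.1.3 netmask 255.255.255.0"
  pf_enable="YES"
  pf_rules="/etc/pf.conf"
defaultrouter="10.0.0.1"
EOF
cat > "$tmp/pf.conf" <<'EOF'
ext_if="sk0"
int_if="lo1"
jailnet=$int_if:network
nat on $ext_if from $jailnet to any -> ($ext_if)
EOF
audit_forwarding "$tmp/rc.conf" "$tmp/pf.conf" || true
```

On a running FreeBSD host, `sysctl net.inet.ip.forwarding` shows the live value that `gateway_enable` controls.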

