Sharing an IP between two jails

orjan-

Dabbler
Joined
Apr 17, 2018
Messages
20
I have two jails running, one of them a webserver with access from WAN with IP 10.0.0.200/255.255.255.0 on vnet0:bridge0 and the default 127.0.0.1 lo0 interface. The other jail is running a service that has an unprotected HTTP interface; this jail is on 10.0.0.201/255.255.255.0 on vnet0:bridge0 and the default 127.0.0.1 lo0 interface. Both jails have the default router set to 10.0.0.1.
I would like to create a shared internal IP between these two jails, bind the unprotected HTTP service to this internal IP, and set up an HTTP proxy from the webserver jail to the jail with the unprotected HTTP service in order to get access to it from the WAN and to add HTTPS and authentication.
The FreeNAS interface is on 10.0.0.100/255.255.255.0 on em0.

I know how to set up the proxy in the webserver, but I have no clue about IP interfaces on the system and adding them in iocage. Can someone help me with the commands needed to set up an internal IP?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
Have a look at this.


A reverse proxy will handle all that, you will tell it the two different jail IPs and direct the router port forwarding to the reverse proxy IP.
 

orjan-

> Have a look at this.
>
> A reverse proxy will handle all that, you will tell it the two different jail IPs and direct the router port forwarding to the reverse proxy IP.

I don't want to bind the unprotected HTTP service to the LAN IP of the jail. That's why I want to create an extra internal (loopback?) IP shared between the jails instead.
 

sretalla

> I don't want to bind the unprotected http service to the LAN IP of the jail. That's why I want to create an extra internal (loopback?) IP shared between the jails instead.

It sounds like you don't understand what a reverse proxy is doing (it does what you are asking for).

Is it that you want to do it twice?

Do you really distrust your LAN so much?
If so, maybe you want to look at the second post and rest of the thread here: https://www.ixsystems.com/community/threads/ipfw-loading-rules-in-jail.26962/
With a firewall enabled in the jail, you could only allow the reverse proxy IP to talk to the services in the jails on the required port(s).
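
The per-jail firewall approach from the last post, as an added example that is not part of the thread or the linked one: a script that emits an ipfw ruleset for the backend jail (10.0.0.201) so only the reverse proxy jail (10.0.0.200) can reach the HTTP service. The port 8080, the rule numbers, the script name `backend_fw.sh` and the path `/etc/ipfw.rules` are assumptions; the thread does not give them.

```shell
#!/bin/sh
# Added example: ipfw ruleset for the backend jail, allowing only the
# reverse-proxy jail to reach the unprotected HTTP port.
# SERVICE_PORT is an assumption; the thread does not state the port.
PROXY_IP="${PROXY_IP:-10.0.0.200}"
SERVICE_PORT="${SERVICE_PORT:-8080}"

valid_ipv4() {
    # Accept dotted-quad only, each octet 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {
    # Digits only, in the range 1-65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

backend_rules() {
    proxy="$1"; port="$2"
    valid_ipv4 "$proxy" || { echo "bad proxy IP: $proxy" >&2; return 1; }
    valid_port "$port"  || { echo "bad port: $port" >&2; return 1; }
    # ipfw is first-match: the proxy allow (300) must precede the deny (400).
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from ${proxy} to me ${port} in setup keep-state
add 400 deny log tcp from any to me ${port} in
add 500 allow ip from me to any out keep-state
add 65000 deny ip from any to any
EOF
}

# Print the rules only when asked to, e.g. inside the backend jail:
#   sh backend_fw.sh print > /etc/ipfw.rules && ipfw -q /etc/ipfw.rules
if [ "${1:-}" = "print" ]; then
    backend_rules "$PROXY_IP" "$SERVICE_PORT"
fi
```

Rule 65000 drops every other inbound connection to the jail, so any additional service it must expose (SSH, for example) needs its own allow rule before it.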
 