
PHP, Apache and MySQL on FreeBSD jail


I am trying out a PHP, Apache, MySQL stack on FreeBSD. I created two jails on one FreeBSD host. I installed PHP and Apache in one jail and MySQL Server in another. All these components are working fine in their own jails. My target is to host a PHP application which will communicate with MySQL, which is located in another jail. For this I need to establish a connection between these jails.

Following is my /etc/rc.conf -

    ec2_configinit_enable=YES
    ec2_fetchkey_enable=YES
    ec2_ephemeralswap_enable=YES
    ec2_loghostkey_enable=YES
    firstboot_freebsd_update_enable=YES
    firstboot_pkgs_enable=YES
    growfs_enable="YES"
    ifconfig_DEFAULT="SYNCDHCP"
    sshd_enable="YES"
    firstboot_pkgs_list="awscli"

    openntpd_enable="YES"

    cloned_interfaces="lo1"
    ifconfig_lo1="inet 172.16.1.1 netmask 255.255.255.0"
    ifconfig_lo1_alias0="inet 172.16.1.2 netmask 255.255.255.255"
    ifconfig_lo1_alias1="inet 172.16.1.3 netmask 255.255.255.255"

    pf_enable="YES"
    ezjail_enable="YES"

    rpcbind_enable="NO"
    cron_flags="$cron_flags -J 15"
    syslogd_flags="-ss"
    sendmail_enable="NONE"
    clear_tmp_enable="YES"

And my /etc/pf.conf is -

    ext_if = "xn0"
    int_if = "lo1"
    jail_net = $int_if:network

    WEBSERVER = "172.16.1.1"
    WEBSERVER_TCP_PORTS = "{ 80, 443}"
    DBSERVER2 = "172.16.1.3"
    DBSERVER_TCP_PORTS = "{ 3306 }"

    nat on $ext_if from $jail_net to any -> ($ext_if)

    rdr pass on $ext_if inet proto tcp to port $WEBSERVER_TCP_PORTS -> $WEBSERVER
    rdr pass on $ext_if inet proto tcp to port $DBSERVER_TCP_PORTS -> $DBSERVER2

    block all

    pass from { lo0, $jail_net } to any keep state

    pass in inet proto tcp to $ext_if port ssh

    pass out all keep state

I need an idea for how to connect one jail to another jail's MySQL server.


Solution

  • In my rc.conf I only have:

    cloned_interfaces="lo1"
    

    Then with the command:

    ezjail-admin create mysql 'lo1|172.16.1.2'
    

    This creates the mysql jail, and the IP 172.16.1.2 is automatically brought up on lo1 when the jail is started.

    In my pf.conf I don't filter on the cloned interface:

    set skip on lo1
    

    FreeBSD Handbook: ezjail
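
A least-privilege variant of the question's pf.conf, as an added example that is not part of the original question or answer: instead of skipping filtering on lo1, it passes only the web jail's connections to the MySQL jail on port 3306 and drops the external redirect of that port. It assumes the question's addressing (web jail 172.16.1.1, MySQL jail 172.16.1.3) and that mysqld in its jail listens on that address.

```pf
# Added example, not the asker's or answerer's configuration.
# Macros are the ones from the question's /etc/pf.conf.
ext_if = "xn0"
int_if = "lo1"
jail_net = $int_if:network

WEBSERVER = "172.16.1.1"
WEBSERVER_TCP_PORTS = "{ 80, 443 }"
DBSERVER2 = "172.16.1.3"          # assumption: the MySQL jail's address
DBSERVER_TCP_PORTS = "{ 3306 }"

# Jails reach the outside world through the host's external address.
nat on $ext_if from $jail_net to any -> ($ext_if)

# Only the web ports are redirected from outside.
# There is deliberately no rdr for 3306, so MySQL is not reachable
# from the external interface.
rdr pass on $ext_if inet proto tcp to port $WEBSERVER_TCP_PORTS -> $WEBSERVER

# Default deny.
block all

# The host's own loopback traffic.
pass from lo0 to any keep state

# Web jail -> MySQL jail, TCP 3306 only. No interface or direction is
# named, so the rule applies on whichever loopback interface carries
# the jail-to-jail packets, in both the outbound and inbound pass.
pass inet proto tcp from $WEBSERVER to $DBSERVER2 port $DBSERVER_TCP_PORTS keep state

# SSH to the host.
pass in on $ext_if inet proto tcp to ($ext_if) port ssh keep state

# Outbound traffic from the host and (after nat) from the jails.
pass out on $ext_if all keep state
```

The file can be syntax-checked with `pfctl -nf /etc/pf.conf` before it is loaded, and `pfctl -sr` shows the rules in effect afterwards.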