Accesss NRPE@jail from the Internet

Status
Not open for further replies.
I

Irina Liakh

Cadet
Joined
May 18, 2016
Messages
9
Hello everyone!

I have NRPE daemon installed and running on a jail, and I need to access it from the Internet. Since there is no dedicated router that can do port forwarding for the jail, I suppose I need port forwarding on the FreeNAS itself. I tried these ipfw rules:

ipfw show:
00110 18 3772 nat 110 tcp from any to $NAS_IP dst-port 5666
00111 28 7776 nat 110 tcp from $JAIL_IP 5666 to any

ipfw nat show config:
ipfw nat 110 config log redirect_addr $JAIL_IP $NAS_IP

(NAS_IP is a public IP address and JAIL_IP is a private IP address).

All is working fine but there is a problem: how to keep these ipfw rules through FreeNAS reboot and through the jail restart?

The more general question is: what is the most legitime way to set up NRPE on FreeNAS visible from the Internet while there is no any router to portforward to the jail private IP, and there is no additional public IP?
 
Last edited:
D

dlavigne

Guest
how to keep these ipfw rules through FreeNAS reboot and through the jail restart?

The more general question is: what is the most legitime way to set up NRPE on FreeNAS visible from the Internet while there is no any router to portforward to the jail private IP, and there is no additional public IP?
Click to expand...

There isn't as FreeNAS is not designed to do this and this is considered to be an unsupported scenario.
 
pirateghost

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
You don't have a router?

And your FreeNAS is directly attached to the Internet?
 
pirateghost

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Irina Liakh said:
Thank you! Will use a workaround.

Direct attach implies a router as well ;)
Of course, there is a router ahead, but it does not imply customizing such as port forwarding.
Click to expand...
Then how do you access your FreeNAS over the internet?

If you are natted, you have to forward a port to get to a service.
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Irina Liakh said:
Why not?
Click to expand...
Because presumably you don't want @Russian Mafia pwning your system. FreeNAS is not designed or hardened to be directly exposed to the Internet, and should only be used behind a firewall.
 
I

Irina Liakh

Cadet
Joined
May 18, 2016
Messages
9
danb35, thank you for your attention.
Direct access (as opposed to NATted access) does not automatically imply that there is no any firewall ahead.
 
pirateghost

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
You're going to have to provide a whole lot more details as to your network layout. You're being very vague on your setup.
 
I

Irina Liakh

Cadet
Joined
May 18, 2016
Messages
9
Already figured out (see the very first reply on the starttopic).
Wonder why you were asking all your questions.
 
I

Irina Liakh

Cadet
Joined
May 18, 2016
Messages
9
pirateghost said:
It was to determine if there was a better option available to you.
Click to expand...
Thank you! But I mentioned that there is no way to configure NAT on routers. There is no way to modify net topology either. Sorry if it was not clear at once.
So the only place I can affect is the FreeNAS itself, isn't it?
 
Status
Not open for further replies.

Similar threads

D
  • Locked
Forward FreeNAS port to jail?
Replies
2
Views
2K
Jailer
Jailer
KEvinn
  • Locked
Firewall wont allow local access
Replies
2
Views
1K
KEvinn
KEvinn
A
  • Locked
OpenVPN Server in a FreeBSD 9.2 Jail Routing/NAT Issues
Replies
11
Views
12K
madmax
M
J
Can connect to OpenVPN from the web, can't access home LAN.
Replies
9
Views
8K
jailnoob
J
Michael Wulff Nielsen
  • Locked
Block those pesky SSH logins
2
Replies
25
Views
9K
ac milton
A
Top