Forward FreeNAS port to jail?

Status
Not open for further replies.
Joined
Jan 18, 2016
Messages
2
Hello, all. This is (hopefully) a quick question.

I need to create a jail on a FreeNAS server, install a database on the jail, and then have that database be externally accessible. I feel like it ought to be possible to invoke some arcane ipfw command to accomplish this, but I can't figure it out for the life of me.

The difficulty is that I have a FreeNAS server (v9.3-stable) with a single, statically allocated external IP address. There is no DHCP server. The server is in a datacenter, so installing custom routers is not possible. That means my jail must somehow share the host's network interface.

Some more details:

The FreeNAS server is 192.168.24.42. I have created a jail on the server, and using the NAT option during jail creation, have given it the (fake) IP address of 192.168.24.43. (This worked fine; from within the jail I can connect to anywhere on the internet, with traffic appearing to originate from 192.168.24.42). I have installed a mongo database on the jail. It's happily running and accepting traffic; I can SSH to the FreeNAS server, and from there I can connect to the database. But of course, I cannot access 192.168.24.43 from anywhere outside the FreeNAS server, since the datacenter does not route .43 traffic to my FreeNAS server.

So: I think I need to forward port 27017 on the FreeNAS server to port 27017 on the jail. But I cannot figure out how to do this, because of the combination of NAT'ing and port forwarding.

Here's my current ipfw config:
# ipfw list
00100 allow ip from any to any via lo0
00200 nat 100 ip from any to 192.168.24.42 in recv igb0
00300 nat 100 ip from 192.168.24.43 to any out xmit igb0
65535 allow ip from any to any

I have tried various combinations of things like
ipfw add fwd 127.0.0.1,27017 tcp from any to 192.168.24.43 27017 in

but it does not appear to do anything useful.

Any help would be appreciated. Thanks!

David
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
I'm not sure what kind of hosting data center you have, but all of them I have had gear in allow routers and layer 3 switches.

I'm not sure about getting the forward working, but I have to wonder how safe your data actually is with a public-facing IP. Perhaps @jgreco can lend a hand with the NAT stuff.
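
Added example, not part of the thread or anything a participant posted: one way to get the forward the original post asks for using the in-kernel NAT instance already in the ruleset, limited to a single remote client given the exposure concern raised in the reply. It assumes NAT instance 100 can be reconfigured with `ip 192.168.24.42` (running `config` replaces that instance's existing settings, which the thread does not show); `CLIENT_IP` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build an ipfw in-kernel NAT config that
# forwards one TCP port from the host address to the jail for one remote client.
# Assumption: NAT instance 100 may be reconfigured; "config" replaces its settings.

HOST_IP="192.168.24.42"   # FreeNAS host (from the post)
JAIL_IP="192.168.24.43"   # NAT'd jail (from the post)
DB_PORT="27017"           # database port (from the post)
CLIENT_IP="203.0.113.10"  # constructed placeholder: only remote address allowed

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the command (args: host_ip jail_ip port client_ip). redirect_port takes
# target ip:port, the port on the host address, then an optional remote address;
# this helper refuses to emit the rule without one.
redirect_cmd() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" || return 1
    valid_ipv4 "$4" || { echo "refusing: no valid client address" >&2; return 1; }
    echo "ipfw nat 100 config ip $1 redirect_port tcp $2:$3 $3 $4"
}

# Print the command by default; run it only when invoked with "apply" as root.
cmd=$(redirect_cmd "$HOST_IP" "$JAIL_IP" "$DB_PORT" "$CLIENT_IP") || exit 1
if [ "${1:-}" = "apply" ]; then $cmd; else echo "$cmd"; fi
```

With the remote address given, connections to port 27017 from any other source are not redirected to the jail and land on the host address itself.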
 
