David Wingate
Hello, all. This is (hopefully) a quick question.
I need to create a jail on a FreeNAS server, install a database on the jail, and then have that database be externally accessible. I feel like it ought to be possible to invoke some arcane ipfw command to accomplish this, but I can't figure it out for the life of me.
The difficulty is that I have a FreeNAS server (v9.3-stable) with a single, statically allocated external IP address. There is no DHCP server. The server is in a datacenter, so installing custom routers is not possible. That means my jail must somehow share the host's network interface.
Some more details:
The FreeNAS server is 192.168.24.42. I have created a jail on the server, and using the NAT option during jail creation, have given it the (fake) IP address of 192.168.24.43. (This worked fine; from within the jail I can connect to anywhere on the internet, with traffic appearing to originate from 192.168.24.42). I have installed a mongo database on the jail. It's happily running and accepting traffic; I can SSH to the FreeNAS server, and from there I can connect to the database. But of course, I cannot access 192.168.24.43 from anywhere outside the FreeNAS server, since the datacenter does not route .43 traffic to my FreeNAS server.
So: I think I need to forward port 27017 on the FreeNAS server to port 27017 on the jail. But I cannot figure out how to do this, because of the combination of NAT'ing and port forwarding.
Here's my current ipfw config:
# ipfw list
00100 allow ip from any to any via lo0
00200 nat 100 ip from any to 192.168.24.42 in recv igb0
00300 nat 100 ip from 192.168.24.43 to any out xmit igb0
65535 allow ip from any to any
I have tried various combinations of things like
ipfw add fwd 127.0.0.1,27017 tcp from any to 192.168.24.43 27017 in
but it does not appear to do anything useful.
Any help would be appreciated. Thanks!
David
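
One way to express the forward described in the post is the `redirect_port` option of ipfw's in-kernel NAT; the script below is an added example, not part of the original post. It assumes nat instance 100 is bound to igb0, as rules 00200 and 00300 suggest, and that re-running `ipfw nat 100 config` (which replaces the instance's existing options) is acceptable. The helper names and the client address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Addresses, port, interface and nat id are taken from the post;
# ALLOWED_CLIENT is a constructed documentation address (TEST-NET-3).
NAT_ID=100                 # nat instance referenced by rules 00200/00300
EXT_IF=igb0                # external interface in the posted ruleset (assumed nat binding)
JAIL_IP=192.168.24.43      # jail address
PORT=27017                 # database port to expose
ALLOWED_CLIENT=${ALLOWED_CLIENT-203.0.113.10}   # set to empty for "any client"

# Succeeds only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Succeeds only for a decimal TCP port in 1-65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_cmd TARGET_IP PORT [CLIENT_IP]
# Prints the ipfw command that redirects PORT on the host to TARGET_IP:PORT.
# With CLIENT_IP, only connections from that remote address are redirected.
redirect_cmd() {
    is_ipv4 "$1" && is_port "$2" || { echo "bad target $1:$2" >&2; return 1; }
    spec="redirect_port tcp $1:$2 $2"
    if [ -n "${3:-}" ]; then
        is_ipv4 "$3" || { echo "bad client address $3" >&2; return 1; }
        spec="$spec $3"
    fi
    echo "ipfw nat $NAT_ID config if $EXT_IF $spec"
}

# Dry run by default: print the command; execute it only when APPLY=1.
cmd=$(redirect_cmd "$JAIL_IP" "$PORT" "$ALLOWED_CLIENT") || exit 1
echo "$cmd"
if [ "${APPLY:-0}" = 1 ]; then
    $cmd
fi
```

Run as is, the script only prints the command; `APPLY=1` executes it on the host. Passing a client address keeps the redirect limited to one known remote host instead of every source that can reach port 27017.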