How do I open Ports on FreeNAS NIC?

[Leroy_Weber]

I have a FreeNAS Server (9.3 Stable) that works great. I have added a new network interface the normal way through Network --> Interfaces --> Add Interface. My new interface (on a separate NIC) works good too. I can ping it from a WAN connection and everything! Now for the problem: I did a port scan on the new interface from the WAN side and the only ports that are open are 21, 22, 111, 139, 643, 796, 873 and 949. I can SSH into the FreeNAS box properly over Port 22. How do I open other ports directly in FreeNAS? I need to open port 80 on this NIC.

Please, I don't need a workaround here. I don't want advice that I should or shouldn't do this or advice that tells me to purchase an router and have it do this function. I just need to know how to open ports on a FreeNAS NIC.
Thanks in advance,

Leroy

 

[pirateghost]

Freenas does NOT block ports.
That would be a function of your network device. Not freenas.

 

[gpsguy]

In addition to what pirateghost said, try running your port scan on the LAN side of your network.


Sent from my phone

 

[Leroy_Weber]

Freenas does NOT block ports.
That would be a function of your network device. Not freenas.

Hmmm. What do you mean by "Network Device" ?

I know this is always difficult to answer questions with all of the possible configurations. So, Here is my configuration.

SuperMicro MoBo with 6 NIC's
FreeNas (9.3 Stable)
Nothing else running on this box except FreeNAS.
NIC #1 is the FreeNAS GUI connection with LAN IP
NIC #2 is the newly created NIC with WAN IP
I Configured a new network interface the normal way through Network --> Interfaces --> Add Interface. No Surprises.
I Connected NIC#2 directly to the Internet without a router or anything between the NIC and the planet. Port scanned only some open ports.
Before I added NIC #2 to FreeNAS there was no ping to the IP address. It was truly "unused" After I added NIC #2 The IP Address pinged, showing the hardware was there.

Just for a Laugh, I reversed all settings in NIC#1 and NIC#2 and then NIC#1 began blocking ports. NIC #2 had full access to the FreeNAS GUI (no ports blocked) so that is the test for the Hardware, Reversing it caused the problem to shift. Therefore all "Network Devices" passed.

So, to review: there is something in FreeNAS that will open only ports 21, 22, 111, 139, 643, 796, 873 and 949 on a new network interface added through "Add Interface"

If it is true that FreeNAS blocks NO ports - and I know (Because I have MANY other devices connected to my Service Provider) that the Service Provider is not blocking any ports, THEN how is it that ONLY ports 21, 22, 111, 139, 643, 796, 873 and 949 are open? Where can the blockage possibly be coming from?

Please try this. Add a NIC to your own FreeNAS and configure it as I did. Does your scan show all ports open?

Let's try to get this solved.

Thank You in Advance,
Leroy

 

[pirateghost]

Freenas does not implement any firewall or NAT.

I was referring to your 'router' as the network device. Since you aren't using a router, your issues lie in what nic/IP a service is listening on.

 

[depasseg]

there is something in FreeNAS that will open only ports 21, 22, 111, 139, 643, 796, 873 and 949 on a new network interface added through "Add Interface"

Define "Open" and "blocked". My guess is that those ports are the only ones responding, because they are are the only ones that have services listening on that interface. Can you post the output of your portscan in code tags?

 

[SweetAndLow]

Hmmm. What do you mean by "Network Device" ?

I know this is always difficult to answer questions with all of the possible configurations. So, Here is my configuration.

SuperMicro MoBo with 6 NIC's
FreeNas (9.3 Stable)
Nothing else running on this box except FreeNAS.
NIC #1 is the FreeNAS GUI connection with LAN IP
NIC #2 is the newly created NIC with WAN IP
I Configured a new network interface the normal way through Network --> Interfaces --> Add Interface. No Surprises.
I Connected NIC#2 directly to the Internet without a router or anything between the NIC and the planet. Port scanned only some open ports.
Before I added NIC #2 to FreeNAS there was no ping to the IP address. It was truly "unused" After I added NIC #2 The IP Address pinged, showing the hardware was there.

Just for a Laugh, I reversed all settings in NIC#1 and NIC#2 and then NIC#1 began blocking ports. NIC #2 had full access to the FreeNAS GUI (no ports blocked) so that is the test for the Hardware, Reversing it caused the problem to shift. Therefore all "Network Devices" passed.

So, to review: there is something in FreeNAS that will open only ports 21, 22, 111, 139, 643, 796, 873 and 949 on a new network interface added through "Add Interface"

If it is true that FreeNAS blocks NO ports - and I know (Because I have MANY other devices connected to my Service Provider) that the Service Provider is not blocking any ports, THEN how is it that ONLY ports 21, 22, 111, 139, 643, 796, 873 and 949 are open? Where can the blockage possibly be coming from?

Please try this. Add a NIC to your own FreeNAS and configure it as I did. Does your scan show all ports open?

Let's try to get this solved.

Thank You in Advance,
Leroy

This is GOLD!

 

[Mirfster]

Define "Open" and "blocked". My guess is that those ports are the only ones responding, because they are are the only ones that have services listening on that interface. Can you post the output of your portscan in code tags?

+1.... Ding Ding Ding Winner Winner

 

[depasseg]

So I ran an Nmap scan against my test Freenas box. The only 2 TCP ports that responded are 22 and 80. This makes sense, since I'm only running ssh and http. I enabled https, and as expected port 443 responded. My production box has a couple of other ports, because I'm running cifs, ftp and afp.

Are you trying to access something installed in the jail, which has a different IP address and maybe that is why you don't get a response from the port scan?

 

[Leroy_Weber]

So I ran an Nmap scan against my test Freenas box. The only 2 TCP ports that responded are 22 and 80. This makes sense, since I'm only running ssh and http. I enabled https, and as expected port 443 responded. My production box has a couple of other ports, because I'm running cifs, ftp and afp.

Are you trying to access something installed in the jail, which has a different IP address and maybe that is why you don't get a response from the port scan?

Thank you for sticking with this ,
Ok Here are the nmap scans outputs you asked for.

The Figure above is an nmap scan of the main WAN IP (the one the Frenas box is set up on) It ends in "61" Notice port 80 is open by virtue of the Linksys Router.

The Figure above is a scan of the LAN IP that is connected to the FreeNAS box. Notice Port 80 is open.

The Figure above is an nmap scan of the Secondary NIC I added by adding a NIC in Network --> Interfaces --> Add Interface. (It is the one ending in "76") Notice that port 80 is closed.
This Interface has NO router and is connected directly to the Internet. My question is (as always) How do I open port 80 on this interface?

I notice in your last reply you said "I enabled https, and as expected port 443 responded." Well, just exactly HOW did you do that? It seems this is my entire problem! I need to open any port I want!
As the title of this thread asks ...... "How do I open ports on a FreeNAS NIC?"

I must be missing something extremely simple.

As always,
Thanks in advance,
Leroy

 

[pirateghost]

Thank you for sticking with this ,
Ok Here are the nmap scans outputs you asked for.

View attachment 10729
The Figure above is an nmap scan of the main WAN IP (the one the Frenas box is set up on) It ends in "61" Notice port 80 is open by virtue of the Linksys Router.

View attachment 10730

The Figure above is a scan of the LAN IP that is connected to the FreeNAS box. Notice Port 80 is open.

View attachment 10732

The Figure above is an nmap scan of the Secondary NIC I added by adding a NIC in Network --> Interfaces --> Add Interface. (It is the one ending in "76") Notice that port 80 is closed.
This Interface has NO router and is connected directly to the Internet. My question is (as always) How do I open port 80 on this interface?

I notice in your last reply you said "I enabled https, and as expected port 443 responded." Well, just exactly HOW did you do that? It seems this is my entire problem! I need to open any port I want!
As the title of this thread asks ...... "How do I open ports on a FreeNAS NIC?"

I must be missing something extremely simple.

As always,
Thanks in advance,
Leroy

You don't 'open ports'.

Check your settings for your web interface and verify it is listening on all ETH devices or on 0.0.0.0.

I really hope you understand the implications of this configuration...

 

[depasseg]

Well, just exactly HOW did you do that? It seems this is my entire problem! I need to open any port I want!

Did you read what I wrote. I said I enabled HTTPS. There is no open or closed. There is just listening or not listening. Look on the system->general tab.

And make sure you have backups, because exposing both your router and freenas on port 80 is a really bad idea.

 

[Leroy_Weber]

Thanks depasseg,
I think I see what you did. You simply went to the web GUI in FreeNAS and enabled HTTPS. I know that will listen on 443. I am familiar with the WEB GUI and how it works. You may also note in the port scan (the one of the FreeNAS box) the IP is listening on port 80 because I told the System --> General Tab to do so.

And now I think I have the correct terminology. I should NOT have asked "How do I open ports?" I should have asked "How do I cause a NIC to listen on a certain port? "

I also apologize because I thought you did what I was asking and you had a different result than I did. In an earlier post I asked "Please try this: Add a NIC to your own FreeNAS and configure it as I did. Does your scan show all ports open?" If I am correct, you did not add a NIC to your system and configure it for WAN Access. That would explain how you were able to listen on port 443 so easily.

So I guess my original question has changed. How do I cause a new NIC to listen on any port?

Thanks,
Leroy

 

[depasseg]

Check your settings for your web interface and verify it is listening on all ETH devices or on 0.0.0.0.

Look on the system->general tab.

 

[Leroy_Weber]

Thanks Depasseg,

Maybe my GUI does not work properly. Any changes I make to listening ports in System--> General only affect the NIC that FreeNAS is running on. (NIC#1).
If I add a NIC in Network--> Add Interfaces (say, NIC#2), changes in the GUI under System--> General do not affect the new NIC. I would think that was proper operation.
What do you think?

As pirateghost wrote, How do I "Check your settings for your web interface and verify it is listening on all ETH devices or on 0.0.0.0." ?

 

[depasseg]

What is your webGUI IPv4 address? You have 2 options. 0.0.0.0 means all ip addresses or you can choose one of your configured IP Addresses.

This is not freakin rocket science. A NIC isn't a magical being. Just give it an IP address and enable the right services and protocols. And before you think there is some other conspiracy, the system will not allow you to have 2 ip addresses in the same subnet. So make sure your second NIC abides by that.

Come one, I'm trying to be patient, but you are really making this difficult. I bet there is even a section in the manual about this.

 

[Leroy_Weber]

The WebGUI IPV4 address is 192.168.1.100 (works perfectly inside or outside (by port forwarding) )
The Second NIC is configured with a static IP on the WAN side 24.239.xxx.xxx (as you can see from my scan it also responds)
The Second NIC can have an alias in the same subnet as the first IP.

Depasseg, I realize this is not rocket science. It should be simple. And No, there is nothing in the manual about having a way to get a port to listen on a second NIC.
Thanks for your patience, I am attempting something extremely simple. I want my OwnCloud to respond to an outside IP. I want my PlexMedia Server to respond to a WAN IP. Heck, I might have any number of things running on this server that I want to respond to a WAN IP. It just doesn't seem to work. I just do not know how.
Thanks,
Leroy

 

[Mirfster]

Is @jgreco still on vacation... or is this him on vacation? ;)

 

[depasseg]

I have a FreeNAS Server (9.3 Stable) that works great. I have added a new network interface the normal way through Network --> Interfaces --> Add Interface. My new interface (on a separate NIC) works good too. I can ping it from a WAN connection and everything! Now for the problem: I did a port scan on the new interface from the WAN side and the only ports that are open are 21, 22, 111, 139, 643, 796, 873 and 949. I can SSH into the FreeNAS box properly over Port 22. How do I open other ports directly in FreeNAS? I need to open port 80 on this NIC.

Please, I don't need a workaround here. I don't want advice that I should or shouldn't do this or advice that tells me to purchase an router and have it do this function. I just need to know how to open ports on a FreeNAS NIC.
Thanks in advance,

Leroy

Where in this original post does it mention anything about jails? Where did that come from. Why did I just spend the past how many messages guiding you about to add an address for the webgui to listen on?

I am attempting something extremely simple. I want my OwnCloud to respond to an outside IP. I want my PlexMedia Server to respond to a WAN IP. Heck, I might have any number of things running on this server that I want to respond to a WAN IP. It just doesn't seem to work. I just do not know how.

So forward any outside port to whatever inside IP address and port that you want. Want external IP port 12345 to go to jail port 50, great, configure that. Want external port 65533 to go to webgui port 80, great, do that.

 

[depasseg]

Is @jgreco still on vacation... or is this him on vacation? ;)

Is that Ashton Kutcher? Am I being punk'd?