How do I open Ports on FreeNAS NIC?

[pirateghost]

The WebGUI IPV4 address is 192.168.1.100 (works perfectly inside or outside (by port forwarding) )
The Second NIC is configured with a static IP on the WAN side 24.239.xxx.xxx (as you can see from my scan it also responds)
The Second NIC can have an alias in the same subnet as the first IP.

Depasseg, I realize this is not rocket science. It should be simple. And No, there is nothing in the manual about having a way to get a port to listen on a second NIC.
Thanks for your patience, I am attempting something extremely simple. I want my OwnCloud to respond to an outside IP. I want my PlexMedia Server to respond to a WAN IP. Heck, I might have any number of things running on this server that I want to respond to a WAN IP. It just doesn't seem to work. I just do not know how.
Thanks,
Leroy

Jails have nothing to do with the web GUI of freenas....this is a ridiculous thread.

 

[Leroy_Weber]

So forward any outside port to whatever inside IP address and port that you want. Want external IP port 12345 to go to jail port 50, great, configure that. Want external port 65533 to go to webgui port 80, great, do that.

Well, I guess I'll give up.
I just re-read the original post and it very clearly says that I have added a new NIC (in "Network --> Interfaces --> Add Interface") and I need to connect port 80 traffic routed to that IP. Plain and simple. All of your instructions have been telling me what I already know. You have been telling me how the main FreeNAS NIC functions. (The one that is altered by "System --> General) Over and over. Sir, I am keenly aware how to cause the main FreeNAS NIC to respond as you are instructing. I always have been aware of that.

What I am asking about (over and over) is a NIC that is set up by "Network --> Interfaces --> Add Interface".

I would like to refer to your last post. Remember, the newly setup NIC has no router or any other equipment between it and the Internet. It functions properly as in the third "nmap" scan shown above.

Depasseg says "So forward any outside port to whatever inside IP address and port that you want. " With no router, exactly where do I "forward" a port?
Depasseg says "Want external IP port 12345 to go to jail port 50, great, configure that." With no router, exactly where do I "configure" that?
Depasseg says "Want external port 65533 to go to webgui port 80, great, do that." With no router, exactly where do I "do that"?

No, you are not being punk'd

Thank you

Leroy

 

[pirateghost]

Under your system settings, what IP is the freenas GUI listening on?

 

[Leroy_Weber]

Under your system settings, what IP is the freenas GUI listening on?

The FreeNAS GUI listens on 192.168.1.100

 

[Leroy_Weber]

Jails have nothing to do with the web GUI of freenas....this is a ridiculous thread.

Oh, I am keenly aware that Jails have nothing to do with the web GUI of FreeNAS. That is not what this post is about.

 

[pirateghost]

Oh, I am keenly aware that Jails have nothing to do with the web GUI of FreeNAS. That is not what this post is about.

But in another post you said you wanted the jails to show up on external IP addresses.... Make up your mind and be clear what you want!

 

[depasseg]

Depasseg says "So forward any outside port to whatever inside IP address and port that you want. " With no router, exactly where do I "forward" a port?
Depasseg says "Want external IP port 12345 to go to jail port 50, great, configure that." With no router, exactly where do I "configure" that?
Depasseg says "Want external port 65533 to go to webgui port 80, great, do that." With no router, exactly where do I "do that"?

Well if you had the main interface connected directly to the internet you wouldn't need to do anything. But it appears that you want your jails to use a second NIC, not the primary, so I suggest you look into that. I asked you about this in post #8.

 

[gpsguy]

How long would it take before it's pwned?:(

Well if you had the main interface connected directly to the internet you wouldn't need to do anything.

 

[pirateghost]

How long would it take before it's pwned?:(

Not long. Russia loves this guy.

 

[Jailer]

Remember, the newly setup NIC has no router or any other equipment between it and the Internet. It functions properly as in the third "nmap" scan shown above.

You can't do this and expect it to work without NAT. You'll need a NAT gateway and router of some sort between the NIC and the internet to translate public IP space to private IP space. There may be a way to treat the secondary NIC you have installed as WAN with NAT being handled by some other process in a jail and then proxy or vlan to other jails you want connected to the internet. But why bother with all that? Get a router and be done with it.

And exposing an NIC on on your box directly to the internet with no firewall of some sort in between is lunacy. I hope you have good backups.

 

[Leroy_Weber]

Well if you had the main interface connected directly to the internet you wouldn't need to do anything. But it appears that you want your jails to use a second NIC, not the primary, so I suggest you look into that. I asked you about this in post #8.

Thanks Depasseg,
You asked "Are you trying to access something installed in the jail, which has a different IP address and maybe that is why you don't get a response from the port scan?"
I apologize, I thought your question was more about "not getting a response from port scan" and not about Jails. I was getting a response from port scan (see nmap scan #3) and I was not thorough enough.

Yes, I would like to access a jail from the WAN but there seems to be no way to do this.
Please , Please ,Please follow this through:

Lets say you have an Owncloud server that is NOT on a FreeNAS Box. It will load on many platforms.
That server will let you access the OwnCloud services by the only port that OwnCloud will use. Port 80
You can setup (at GoDaddy) a domain called Depasseg.com and send it's DNS to your OwnCloud server at 123.456.789.123.
Then, you can go to any browser in the world and type http://depasseg.com (or the IP 123.456.789.123) and BOOM! there is your OwnCloud Login!

Now on a FreeNAS box:
Lets say you have a FreeNAS GUI on a local IP at port 80 (for security reasons you don't want a WAN IP here)
Lets say you have a Router on your WAN IP 123.456.789.1
Your router will respond at 123.456.789.1:8080 and you will see the Router GUI
If you type http://depasseg.com your router will not respond (because you set it at port 8080) Of course, if you set the routers listening port to 80, typing www.depasseg.com would get the router's GUI
If you type www.depasseg.com (or the IP of the DNS 123.456.789.123) the Owncloud server will not respond because the NIC added by "Network-->Interfaces--> Add Interface" will not listen on port 80. So, No OwnCloud GUI is shown.
Unfortunately, There is no way to specify a port in a DNS record. DNS Records always assume port 80. So if you wish to reach something at port 80 on your FreeNAS box, the NIC you have assigned the IP to must listen on port 80
It seems that any NIC assigned by "Network --> Interfaces --> Add Interface will listen on ports 21, 22, 111, 139, 643, 796, 873 and 949 by default but I do not know how to make it listen on port 80. Or, cause the OwnCloud Jail to affect this "listening".

If the Interface would listen on port 80, you could type "www.depasseg.com" and your FreeNAS Owncloud login would appear.

I realize I asked the original question (Post #1) incorrectly now. I should have said "listen on port" instead of "open port" but the issue is still the same.
Long way around the barn Depasseg, but the question is the same as it always has been: How do I get a NIC added by "Network --> Interfaces --> Add Interface" to listen on port 80?

If you (or others) just don't know the answer or I am going about this wrong (EG: I need to solve this in a Jail setup), please do not ridicule me. Please point me in the right direction or send me to someone that may help.

Many thanks,

Leroy

 

[pirateghost]

Holy crap dude.

The freenas GUI has nothing to do with the jails. Port 80 on freenas has literally NOTHING to do with anything running in jails. You absolutely CAN have a jail service running and public facing.

I don't think you fully understand networking in regards to how jails work. You're asking for opening up your FREENAS web GUI to the Internet. You never asked about actually forwarding to a jail IP or opening up a service running in a jail to the Internet.

 

[Jailer]

Wow, just wow.

Networking, proxy servers, firewalls, server hardening. <- research

 

[Leroy_Weber]

Holy crap dude.

The freenas GUI has nothing to do with the jails. Port 80 on freenas has literally NOTHING to do with anything running in jails. You absolutely CAN have a jail service running and public facing.

I don't think you fully understand networking in regards to how jails work. You're asking for opening up your FREENAS web GUI to the Internet. You never asked about actually forwarding to a jail IP or opening up a service running in a jail to the Internet.

Obviously, I must not understand how to accomplish this task. I really do appreciate the input. I was never asking how to open up the FreeNAS web GUI to the internet. That would be a security risk of monumental proportion. OK, How do I accomplish " forwarding to a jail IP or opening up a service running in a jail to the Internet?"

Please be specific.

Thank you,
Leroy

 

[pirateghost]

Obviously, I must not understand how to accomplish this task. I really do appreciate the input. I was never asking how to open up the FreeNAS web GUI to the internet. That would be a security risk of monumental proportion. OK, How do I accomplish " forwarding to a jail IP or opening up a service running in a jail to the Internet?"

Please be specific.

Thank you,
Leroy

That is exactly what you asked.

"How do I open port 80 on this new NIC that I added to the server?"

That is asking how to open up the freenas GUI to the Internet. Full stop.

If you want a jail to have a public IP, you give that jail a public IP for that jail. It has nothing to do with the freenas web GUI.

 

[depasseg]

Please , Please ,Please follow this through:

I've found a couple of possible misunderstandings in your "this is the owncloud standalone" and "this is the owncloud on freenas". The first issue is that in the first example, a router isn't mentioned. Was that intentional? i.e. is your intent to have the physical machine or freenas jail hosting owncloud connected directly to the internet.

The second issue is that it isn't clear to me whether you realize that the owncloud jail will have it's own IP address, therefore you can have both freenas port 80 and owncloud port 80 running.

Unfortunately, There is no way to specify a port in a DNS record

And as was mentioned somewhere, services like dyndns DO support redirection to a port.

DNS Records always assume port 80.

WRONG, DNS doesn't have anything to do with ports. by default http:// tries port 80. DNS just resolves a name to an ip address.

It seems that any NIC assigned by "Network --> Interfaces --> Add Interface will listen on ports 21, 22, 111, 139, 643, 796, 873 and 949 by default

Eeeehhhhh, wrong again. By default, adding a NIC has zero ports listening. It is only the services configured to use that interface that enable something listening. Like I said, on an out of the box install, the list of open ports is much shorter than that.

So go figure out how jails work, figure out how DNS works, and figure out how services/ports work and then try re-writing your 2 examples. Spoiler alert: there is no difference between a jail running owncloud on Freenas and a physical pc running owncloud if they are connected the same.

 

[jgreco]

Is @jgreco still on vacation... or is this him on vacation? ;)

Vacation is the pleasure of watching other people groan and shake their heads answering this sort of thread.

 

[depasseg]

Vacation is the pleasure of watching other people groan and shake their heads answering this sort of thread. :)

You have an odd definition of vacation. ;-)

 

[jgreco]

You have an odd definition of vacation. ;-)

Perhaps. There's kind of a thrill in reading something on tapatalk that I'd normally reply to and thinking instead, "someone else'll get to that first." Especially after this many years when I so rarely say anything technical that's new or even unusual...

 

[SweetAndLow]

Thanks Depasseg,
You asked "Are you trying to access something installed in the jail, which has a different IP address and maybe that is why you don't get a response from the port scan?"
I apologize, I thought your question was more about "not getting a response from port scan" and not about Jails. I was getting a response from port scan (see nmap scan #3) and I was not thorough enough.

Yes, I would like to access a jail from the WAN but there seems to be no way to do this.
Please , Please ,Please follow this through:

Lets say you have an Owncloud server that is NOT on a FreeNAS Box. It will load on many platforms.
That server will let you access the OwnCloud services by the only port that OwnCloud will use. Port 80
You can setup (at GoDaddy) a domain called Depasseg.com and send it's DNS to your OwnCloud server at 123.456.789.123.
Then, you can go to any browser in the world and type http://depasseg.com (or the IP 123.456.789.123) and BOOM! there is your OwnCloud Login!

Now on a FreeNAS box:
Lets say you have a FreeNAS GUI on a local IP at port 80 (for security reasons you don't want a WAN IP here)
Lets say you have a Router on your WAN IP 123.456.789.1
Your router will respond at 123.456.789.1:8080 and you will see the Router GUI
If you type http://depasseg.com your router will not respond (because you set it at port 8080) Of course, if you set the routers listening port to 80, typing www.depasseg.com would get the router's GUI
If you type www.depasseg.com (or the IP of the DNS 123.456.789.123) the Owncloud server will not respond because the NIC added by "Network-->Interfaces--> Add Interface" will not listen on port 80. So, No OwnCloud GUI is shown.
Unfortunately, There is no way to specify a port in a DNS record. DNS Records always assume port 80. So if you wish to reach something at port 80 on your FreeNAS box, the NIC you have assigned the IP to must listen on port 80
It seems that any NIC assigned by "Network --> Interfaces --> Add Interface will listen on ports 21, 22, 111, 139, 643, 796, 873 and 949 by default but I do not know how to make it listen on port 80. Or, cause the OwnCloud Jail to affect this "listening".

If the Interface would listen on port 80, you could type "www.depasseg.com" and your FreeNAS Owncloud login would appear.

I realize I asked the original question (Post #1) incorrectly now. I should have said "listen on port" instead of "open port" but the issue is still the same.
Long way around the barn Depasseg, but the question is the same as it always has been: How do I get a NIC added by "Network --> Interfaces --> Add Interface" to listen on port 80?

If you (or others) just don't know the answer or I am going about this wrong (EG: I need to solve this in a Jail setup), please do not ridicule me. Please point me in the right direction or send me to someone that may help.

Many thanks,

Leroy

This thread isn't worth responding to be I'm going to try something.

STOP STOP STOP and forget anything you think you know because it's wrong. Yes I know this sounds mean but work with me a little bit. What you need to do is explain to us what you want to have working. Don't talk about this nic/open port thing because that isn't what you need to do. I suspect you just want to install freenas and run plex and owncloud and be able to access them from outside your network. Is this right? If so lets start be getting them working inside your network. You need to do a fresh install of freenas because i suspect you have completely fubared everything so far. Then I want you to plug one ethernet cable into your router and that is it. Don't use 2 nic's and don't plug it into your WAN. Next setup all your services and configure freenas the way you want. After you have done that come back and we can help you make plex and owncloud accessible from the internet.