Jail does not have internet access

[newguy_815]

I am running a plex plugin and I am trying to enable remote access. I have not been able to enable it and access it through the network, and I believe the reason why is because the jail it exists on does not have access to the internet. I am not sure how to enable internet access for a jail, or how to test if it even has access to the internet. Let's start with getting the jail access to the internet, and hopefully that fixes my plex remote access issue. I'm running TrueNAS-12.0-U5.1. I'm not sure what other information is needed to help me with this, so please let me know what information about the server or jail you need. Please also inform me on how to get that information, as I know very little about TrueNAS.

 

[Whattteva]

Post the outputs of ifconfig netstat -r cat /etc/resolv.conf from the jail.

Also, explain the layout of your home network (subnet/router IP, etc.).

 

[newguy_815]

I have a router-modem device in bridge mode, which allows me to connect my own router to it. The truenas and plex server each have their own dedicated ip, and the router is set up to ensure no other devices can have those ip's. All other settings for the router are default, which also means no port forwarding is done.

The output of the command: ifconfig: interface netstat does not exist

I know the truenas server does (or at least it did) have access to the internet, as I was able to update both it and the plugin on it. Haven't updated both in quite a while since my home network changed, so maybe things are different now.

 

[Whattteva]

I have a router-modem device in bridge mode, which allows me to connect my own router to it. The truenas and plex server each have their own dedicated ip, and the router is set up to ensure no other devices can have those ip's. All other settings for the router are default, which also means no port forwarding is done.

The output of the command: ifconfig: interface netstat does not exist

I know the truenas server does (or at least it did) have access to the internet, as I was able to update both it and the plugin on it. Haven't updated both in quite a while since my home network changed, so maybe things are different now.

I'm sorry, I think I'm not being clear. I mean post the outputs of these 3 different commands executed separately:

• ifconfig
• netstat -r
• cat /etc/resolv.conf

Also, please execute those commands in the jail that is not working.

 

[Jailer]

other settings for the router are default, which also means no port forwarding is done

You must set up a port forward for plex if you want remote access.

 

[newguy_815]

I'm sorry, I think I'm not being clear. I mean post the outputs of these 3 different commands executed separately:

• ifconfig
• netstat -r
• cat /etc/resolv.conf

Also, please execute those commands in the jail that is not working.

Here's the results of the commands:

ifconfig:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
groups: pflog
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 0a:41:d4:31:41:eb
hwaddr 02:d9:5b:04:2e:0b
inet 192.168.1.201 netmask 0xffffff00 broadcast 192.168.1.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=1<PERFORMNUD>

netstat -r:
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGS epair0b
localhost link#1 UH lo0
192.168.1.0/24 link#3 U epair0b
Plex link#3 UHS lo0

Internet6:
Destination Gateway Flags Netif Expire
::/96 localhost UGRS lo0
localhost link#1 UH lo0
::ffff:0.0.0.0/96 localhost UGRS lo0
fe80::/10 localhost UGRS lo0
fe80::%lo0/64 link#1 U lo0
fe80::1%lo0 link#1 UHS lo0
ff02::/16 localhost UGRS lo0


cat /etc/resolv.conf
# Generated by resolvconf
search local
nameserver 192.168.1.1
nameserver 4.2.2.2
nameserver 8.8.8.8

 

[Whattteva]

In the future, please post these outputs in CODE tags. It's hard to read without it.

So it looks like the jail is setup correctly and is getting 192.168.1.201 IP address with 192.168.1.1 as the gateway (which I assume is your router).

Next, can you do the following and post the outputs?

Code:

ping -c 2 192.168.1.1

Code:

ping -c 2 4.2.2.2

Code:

ping -c 2 8.8.8.8

Code:

host google.com

 

[newguy_815]

Sure. I'll be sure to do that from now on. So pinging 192.168.1.1 gives me this.

PING 192.168.1.1 (192.168.1.1): 56 data bytes ping: sendto: Host is down ping: sendto: Host is down --- 192.168.1.1 ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss

So the modem's gateway is 192.168.1.1. Even from my desktop (plugged into the router) I cannot access the modem. I need to be plugged directly into the modem to access it. The router I have plugged into the modem has a gateway of 192.168.1.2. Pinging that gives me

PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.304 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.512 ms --- 192.168.1.2 ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.304/0.408/0.512/0.104 ms

ping -c 2 4.2.2.2 gives me

PING 4.2.2.2 (4.2.2.2): 56 data bytes --- 4.2.2.2 ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss

ping -c 2 8.8.8.8 gives me

PING 8.8.8.8 (8.8.8.8): 56 data bytes --- 8.8.8.8 ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss


host google.com gives me

;; connection timed out; no servers could be reached

 

[Whattteva]

It looks like you're using inline code instead of code. That's why your text looks like
this
instead of like

Code:

this

Sure. I'll be sure to do that from now on. So pinging 192.168.1.1 gives me this.

PING 192.168.1.1 (192.168.1.1): 56 data bytes ping: sendto: Host is down ping: sendto: Host is down --- 192.168.1.1 ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss

This is primarily the reason why you have no internet. The routing table suggests that the default gateway is 192.168.1.1, but it is unreachable. Thus, your traffic has nowhere to go.

So the modem's gateway is 192.168.1.1. Even from my desktop (plugged into the router) I cannot access the modem. I need to be plugged directly into the modem to access it. The router I have plugged into the modem has a gateway of 192.168.1.2. Pinging that gives me

PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.304 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.512 ms --- 192.168.1.2 ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.304/0.408/0.512/0.104 ms

Is this ping from the jail or from another computer you're using?

ping -c 2 4.2.2.2 gives me

PING 4.2.2.2 (4.2.2.2): 56 data bytes --- 4.2.2.2 ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss

ping -c 2 8.8.8.8 gives me

PING 8.8.8.8 (8.8.8.8): 56 data bytes --- 8.8.8.8 ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss


host google.com gives me

;; connection timed out; no servers could be reached

All of these fails as expected because your 192.168.1.1 default gateway is not reachable.

It looks like you have done one of these two things:

• Static IP configuration with wrong gateway (should be 192.168.1.2)
• Double NAT going on somewhere.

Which one it is, would require more information on how the jail was setup and also probably ifconfig and netstat -r from the TrueNAS host console.

 

[pschatz100]

If you have your router/modem device in bridge mode, then that device is NOT your gateway. The gateway will be your router that is plugged into the bridge. Also, make certain the cable from your bridge is plugged into the WAN port on your router and use DHCP to configure the WAN access on your router.

If this is too confusing, then it would be best to draw a picture of your network and show the specific devices you are using.

 

[newguy_815]

If you have your router/modem device in bridge mode, then that device is NOT your gateway. The gateway will be your router that is plugged into the bridge. Also, make certain the cable from your bridge is plugged into the WAN port on your router and use DHCP to configure the WAN access on your router.

If this is too confusing, then it would be best to draw a picture of your network and show the specific devices you are using.

I understand what you're saying, and I can confirm it is set up this way. When I first made the server, the default gateway was 192.168.1.1. So I guess I'll have to change that in the sever/jail settings somehow.

 

[newguy_815]

It looks like you're using inline code instead of code. That's why your text looks like
this
instead of like

Code:

this

My apologies. I see the difference and will apply that going forward.

Is this ping from the jail or from another computer you're using?

All commands were done from the jail

It looks like you have done one of these two things:

• Static IP configuration with wrong gateway (should be 192.168.1.2)
• Double NAT going on somewhere.

It's likely the first one. When the sever was first set up long ago, my default gateway was 192.168.1.1. So all settings for the server and jail would have that applied. But it has since changed to 192.168.1.2, so some settings either in the server or jail (or both) might need to change.

Which one it is, would require more information on how the jail was setup and also probably ifconfig and netstat -r from the TrueNAS host console.

ifconfig:

Code:

igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan
        options=a520b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
        ether 24:4b:fe:5e:68:3b
        inet 192.168.1.200 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
        groups: pflog
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:8c:8c:42:88:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=1<PERFORMNUD>
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: Plex as nic: epair0b
        options=8<VLAN_MTU>
        ether 0a:41:d4:31:41:ea
        hwaddr 02:d9:5b:04:2e:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=1<PERFORMNUD>

netstat -r:

Code:

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS        igb0
localhost          link#2             UH          lo0
192.168.1.0/24     link#1             U          igb0
192.168.1.200      link#1             UHS         lo0

Internet6:
Destination        Gateway            Flags     Netif Expire
::/96              localhost          UGRS        lo0
localhost          link#2             UH          lo0
::ffff:0.0.0.0/96  localhost          UGRS        lo0
fe80::/10          localhost          UGRS        lo0
fe80::%lo0/64      link#2             U           lo0
fe80::1%lo0        link#2             UHS         lo0
ff02::/16          localhost          UGRS        lo0

Default gateway here is also 192.168.1.1. Is it as simple as somehow changing that to 192.168.1.2 for both the server and the jail?

 

[Whattteva]

My apologies. I see the difference and will apply that going forward.

All commands were done from the jail

It's likely the first one. When the sever was first set up long ago, my default gateway was 192.168.1.1. So all settings for the server and jail would have that applied. But it has since changed to 192.168.1.2, so some settings either in the server or jail (or both) might need to change.


ifconfig:

Code:

igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan
        options=a520b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
        ether 24:4b:fe:5e:68:3b
        inet 192.168.1.200 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
        groups: pflog
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:8c:8c:42:88:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=1<PERFORMNUD>
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: Plex as nic: epair0b
        options=8<VLAN_MTU>
        ether 0a:41:d4:31:41:ea
        hwaddr 02:d9:5b:04:2e:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=1<PERFORMNUD>

netstat -r:

Code:

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS        igb0
localhost          link#2             UH          lo0
192.168.1.0/24     link#1             U          igb0
192.168.1.200      link#1             UHS         lo0

Internet6:
Destination        Gateway            Flags     Netif Expire
::/96              localhost          UGRS        lo0
localhost          link#2             UH          lo0
::ffff:0.0.0.0/96  localhost          UGRS        lo0
fe80::/10          localhost          UGRS        lo0
fe80::%lo0/64      link#2             U           lo0
fe80::1%lo0        link#2             UHS         lo0
ff02::/16          localhost          UGRS        lo0

Default gateway here is also 192.168.1.1. Is it as simple as somehow changing that to 192.168.1.2 for both the server and the jail?

Does the TrueNAS host have internet? Can you check to see if host google.com works?

Is it also setup with static IP?

If it's just as you said (stale configuration), then yes, it could be as simple as just changing the default gateway.

 

[newguy_815]

Does the TrueNAS host have internet? Can you check to see if host google.com works?

No. Running that command in the server shell gives this result: ;; connection timed out; no servers could be reached

Is it also setup with static IP?

Yes. Both the jail and the server itself have a static ip.

If it's just as you said (stale configuration), then yes, it could be as simple as just changing the default gateway.

I'm not sure how to change that for the jail, unless it just needs to be changed for the server. I found this in Network/Global Configurations.

What's the difference between the 192.168.1.1 for DNS Servers and Default Gateway?

 

[Whattteva]

What's the difference between the 192.168.1.1 for DNS Servers and Default Gateway?

DNS is like a phone book. It converts Domain names like "google.com" into its actual IP address (142.251.40.206).
Without DNS, you would have to type https://142.251.40.206/ into your web browser instead of https://www.google.com/
It's not strictly true, but this is usually what people refer to when they say they have "no internet".
Default Gateway is what actually connects you to the wider internet. Think of it as the driveway in your house that connects you to the public road and allows you to drive out of your house.

In 99% of home users, your router is both the default gateway and the DNS server (forwarder more correctly). They can actually be different machines, but that is usually a conscious decision and would mean that you're technical enough to know that and configure it in a custom way like that. The vast majority of users would just take the default setup, which is your router hosting everything.

 

[newguy_815]

DNS is like a phone book. It converts Domain names like "google.com" into its actual IP address (142.251.40.206).
Without DNS, you would have to type https://142.251.40.206/ into your web browser instead of https://www.google.com/
It's not strictly true, but this is usually what people refer to when they say they have "no internet".
Default Gateway is what actually connects you to the wider internet. Think of it as the driveway in your house that connects you to the public road and allows you to drive out of your house.

In 99% of home users, your router is both the default gateway and the DNS server (forwarder more correctly). They can actually be different machines, but that is usually a conscious decision and would mean that you're technical enough to know that and configure it in a custom way like that. The vast majority of users would just take the default setup, which is your router hosting everything.

That fixed it. Thank you very much for your help. Both my server and the jail now have access to the internet. I can't get plex remote access to enable unfortunately, but perhaps that's a problem for another thread. Thanks again for your help.

 

[pschatz100]

I would refer you to the Plex forums for discussions about enabling remote access. Almost certainly your issue is going to be related related to your network and firewall settings. It is not a TrueNAS problem.

 

[Jailer]

I can't get plex remote access to enable unfortunately

https://www.truenas.com/community/threads/jail-does-not-have-internet-access.110748/#post-766139