SOLVED New VPN, lost jail access

cdiddy

Dabbler
Joined
Oct 3, 2017
Messages
39
Please let me know what extra info I can provide to help solve this. I use a VPN server to access my network while out and about.

I recently changed from an OpenVPN server running in a jail to using my Firewalla Gold router to VPN into my network.

Previously, I had no problem accessing any host on my network, including services running in jails... Now I can't seem to access the jailed services... Except for the two remaining plugins I have. Every other host on my network is accessible, but not a service running in a standard jail.

I can't seem to see what is different about the plugin jail I can access via VPN and the standard jail I can't.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Do your jails have a default gateway set?
 

cdiddy

Dabbler
Joined
Oct 3, 2017
Messages
39
Default Router is set to "auto" on all of them, this seems to be the default setting. I tried changing a couple jails' default router to the IP address of my router, but that does not seem to have made a difference.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Please post the output of iocage get all <jailname> for one of the jails that are not reachable.
 

cdiddy

Dabbler
Joined
Oct 3, 2017
Messages
39
Code:
CONFIG_VERSION:28
allow_chflags:0
allow_mlock:1
allow_mount:0
allow_mount_devfs:0
allow_mount_fusefs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:0
allow_vmm:0
assign_localhost:0
available:readonly
basejail:0
boot:1
bpf:1
children_max:0
cloned_release:13.1-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:10.0.0.1
defaultrouter6:auto
depends:none
devfs_ruleset:4
dhcp:0
enforce_statfs:1
exec_clean:1
exec_created:/usr/bin/true
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:radarr4
host_hostuuid:radarr4
host_time:1
hostid:00000000-0000-0000-0000-ac1f6b026e6a
hostid_strict_check:0
interfaces:vnet0:bridge0
ip4:new
ip4_addr:10.0.0.78
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
ip_hostname:0
jail_zfs:0
jail_zfs_dataset:iocage/jails/radarr4/data
jail_zfs_mountpoint:none
last_started:2023-09-29 12:37:55
localhost_ip:none
login_flags:-f root
mac_prefix:ae1f6b
maxproc:off
memorylocked:off
memoryuse:off
min_dyn_devfs_ruleset:1000
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nat:0
nat_backend:ipfw
nat_forwards:none
nat_interface:none
nat_prefix:172.16
nmsgq:off
notes:none
nsem:off
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
plugin_name:none
plugin_repository:none
priority:99
pseudoterminals:off
quota:none
readbps:off
readiops:off
release:13.1-RELEASE-p5
reservation:none
resolver:/etc/resolv.conf
rlimits:off
rtsold:0
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:0
type:jail
used:readonly
vmemoryuse:off
vnet:1
vnet0_mac:ae1f6bdfedfc ae1f6bdfedfd
vnet0_mtu:auto
vnet1_mac:none
vnet1_mtu:auto
vnet2_mac:none
vnet2_mtu:auto
vnet3_mac:none
vnet3_mtu:auto
vnet_default_interface:auto
vnet_default_mtu:1500
vnet_interfaces:none
wallclock:off
writebps:off
writeiops:off
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Try

Code:
iocage set ip4_addr=10.0.0.78/24 <jailname>
iocage restart <jailname>


And if you use CODE instead of ICODE, your output becomes much more readable. :wink:
 

cdiddy

Dabbler
Joined
Oct 3, 2017
Messages
39
Well I'll be gosh-darned! Setting the netmask does the trick. I tried on another jail, and did not need to set the default router, but I see no reason to set it rather than leave it on auto.

Thank you very much,
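A check for the condition fixed in this thread, added here as an example and not part of any post above: it reads `key:value` property lines in the format shown earlier and reports every static `ip4_addr` entry that has no `/prefix`. The function name `missing_prefix` is hypothetical, the first two samples reuse the thread's address, and the third is constructed to cover the comma-separated `iface|addr/prefix` form.

```shell
#!/bin/sh
# Added example: flag ip4_addr entries that carry no explicit prefix length.
# Input: "key:value" property lines on stdin.
# Output: one line per address lacking "/prefix"; exit status 1 if any found.
missing_prefix() {
    awk -F: '
        $1 == "ip4_addr" {
            # The value is everything after the first colon.
            val = substr($0, index($0, ":") + 1)
            n = split(val, entries, ",")
            for (i = 1; i <= n; i++) {
                e = entries[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e)
                # Strip an optional "iface|" in front of the address.
                addr = e
                p = index(e, "|")
                if (p > 0) addr = substr(e, p + 1)
                # "none" and "DHCP" are not static addresses.
                if (addr == "" || addr == "none" || toupper(addr) == "DHCP") continue
                if (addr !~ /\/[0-9]+$/) { print addr; bad = 1 }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Property lines as posted in the thread (before the fix).
SAMPLE_BEFORE='interfaces:vnet0:bridge0
ip4_addr:10.0.0.78
ip6_addr:none'

# The same jail after "iocage set ip4_addr=10.0.0.78/24 <jailname>".
SAMPLE_AFTER='interfaces:vnet0:bridge0
ip4_addr:10.0.0.78/24
ip6_addr:none'

# Constructed sample: two interfaces, only the second lacks a prefix.
SAMPLE_MULTI='ip4_addr:vnet0|192.0.2.10/24,vnet1|192.0.2.77'

printf '%s\n' "$SAMPLE_BEFORE" | missing_prefix \
    || echo "^ no prefix length set on this address"
```

On a live system the input would come from `iocage get all <jailname>`, piped into `missing_prefix`.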
 