SSH into jail from outside

[nanda]

I have FreeNAS 9.1 on a network with IP 10.0.2.15.

On this system I've set up a jail, plugins1, with NAT enabled. ifconfig shows it to have IP 10.0.2.18.

Inside the jail I've also configured SSH, and a non-root user, user1.

Question 1: How can I connect to the jail via SSH from the FreeNAS prompt?

Question 2: How can I connect to the jail via SSH from the 'outer' network?

Question 3: In VirtualBox, I normally forward port 22 to 127.x.x.x:22 when faced with this problem. Is there a similar approach here?

Thanks in advance!

 

[nanda]

bump

 

[pirateghost]

ssh user1@10.0.2.18

To connect from outside the network you would forward a port to port 22 on that same ip

Sent from my Galaxy Nexus

 

[nanda]

Can you tell me how to do that in more detail, for FreeNAS 9.

 

[budmannxx]

Can you tell me how to do that in more detail, for FreeNAS 9.

No, because port forwarding has nothing to do with FreeNAS (any version). I found some good information on the topic here. This should get you started on your Question 2 from above. But you'll need to confirm you have Question 1 solved first. If by "FreeNAS prompt" you mean the actual console, why would you need to SSH in? You're already on the FreeNAS box. That same website I mentioned before will have details on getting SSH up and running if you're trying to connect to FreeNAS from another machine on your LAN.

Unfortunately, I don't have any experience with virtualization, so I can't help with Question 3.

 

[nanda]

OK, so no real answers?

I was able to SSH to the jail from the FreeNAS prompt by the way.

The reason I'm asking is that I want to provide services from separated jail environments. SSH is a proxy for that; when it works, other ports could be forwarded in the same way.

PS. It would be ok to RTFM, but there is none for v 9.1.

 

[pirateghost]

But forwarding ports doesn't have anything to do with freenas. Think of a jail as another machine on your network

Sent from my Galaxy Nexus

 

[gpsguy]

Nanda, do remember that 9.1 is still in beta.


Sent from my phone

 

[nanda]

After reading up on jails, I suppose what I really want is to enable raw sockets for a jail, preferably from the FreeNAS 9 ui.

 

[lorenzoASR]

I have FreeNAS 9.1 on a network with IP 10.0.2.15.

On this system I've set up a jail, plugins1, with NAT enabled. ifconfig shows it to have IP 10.0.2.18.

Inside the jail I've also configured SSH, and a non-root user, user1.

Question 1: How can I connect to the jail via SSH from the FreeNAS prompt?

Just type in terminal: ssh user1@10.0.2.18

Question 2: How can I connect to the jail via SSH from the 'outer' network?Question 3: In VirtualBox, I normally forward port 22 to 127.x.x.x:22 when faced with this problem. Is there a similar approach here?

This two question should be replied togheter. If your Jails is well-configured, you can connect with SSH to 10.0.2.18 from EACH client on the same LAN.

If this is true, so you have only to add a NAT on your router!

Let's try to connect via SSH from internal LAN, and so tell me your router version, so I can give you some more help!

 

[lorenzoASR]

After reading up on jails, I suppose what I really want is to enable raw sockets for a jail, preferably from the FreeNAS 9 ui.

Code:

# sysctl security.jail.allow_raw_sockets 1

 

[nanda]

Just type in terminal: ssh user1@10.0.2.18
Let's try to connect via SSH from internal LAN, and so tell me your router version, so I can give you some more help!

I use VirtualBox NAT:

Web user interface is on:
10.0.2.5
10.0.2.254
10.0.2.16
0.0.0.0

I can access these by SSH, port 22. This gives me access to the FreeNAS system, not the jail.

The jail is on 10.0.2.17, and accessible from the FreeNAS prompt only, using:
# ssh user1@10.0.2.17

Of course one can also use:
# jexec # csh

 

[lorenzoASR]

The jail is on 10.0.2.17, and accessible from the FreeNAS prompt only, using:
# ssh user1@10.0.2.14

Wrong typed? s/14/17 ?

 

[nanda]

Yes, typo:
# ssh user1@10.0.2.17

 

[lorenzoASR]

Ok! :D

So, have you another client connected to this LAN (not the virtualbox host) 10.0.2.0/24 ? What if ping 10.0.2.17 ?

 

[nanda]

Ping works, from FreeNAS prompt.

 

[nanda]

I have experimented with VirtualBox and a physical machine on a private LAN. Have never been able to access the jail from outside FreeNAS.

 

[nanda]

To access FreeNAS behind the VirtualBox NAT, I use port forwarding. The same for SSH.

 

[lorenzoASR]

Try to enable Promiscuos Mode in the NIC propriety of VM

 

[nanda]

I tried to add a host only-adapter to the FreeNAS VM, but then jails and jail creation fails; it complains that 'no default interface selected'.

But I have created a default interface. Seems like a bug to me.

I think network configuration for jails is not very intuitive.