Tailscale port forwarding

TinyWorkshop

Dabbler
Joined
Jul 14, 2022
Messages
40
I have Tailscale running via truecharts, is there any way to have port forwarding working?

I've found this article:

My problem is that I would like to access my qBittorrent app and my Home Assistant using 100.xx.xx.xx:PORT

Has anyone done that?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
There are 2 ways to do that:

1. Configure your tailscale server on the LAN to advertise the entire LAN subnet to Tailscale, then you can just access whatever app you have on your LAN via the usual IP and port (not 100.xx.xx.xx:yyyy) when the client is connected to Tailscale

2. Put a reverse proxy on your Tailscale server and have it do the port forward to your app server.
 

TinyWorkshop

but to do that you have to install tailscale in a VM right?

doesn't seem possible in the truecharts implementation to me
 

sretalla

Under the Tailscale Configuration section in the config, you have "Routes"... that's where to put the subnet(s) you would want to be available to the other tailscale network members.

You then also need to enable that in the Tailscale web interface itself (not on your TrueNAS system).
 

TinyWorkshop

will try, Thank you! :smile:
 

TinyWorkshop

It doesn't seem to be working for me:

IMG_0030.jpeg


I added my subnet but in the Tailscale admin panel I can't see any subnet
 

TinyWorkshop

I've also tried to expose 127.0.0.0/24 (just in case) and the Kubernetes 172.16.0.0/16 with no luck

IP forwarding is enabled (as per the TrueCharts guide here)

Untitled.jpg


but...

1677823863198.png


one thing I noted is that the app doesn't show any port:

Untitled.jpg
 

sretalla

> one thing I noted is that the app doesn't show any port:
It's not using one. (not to listen)

> I've tried also to expose 127.0.0.0/24 (just in case) and the kubernetes 172.16.0.0/16 with no luck
Don't do that. 127.x doesn't route and the Kubernetes internal network should stay local.

> ip forwarding is enabled (as for truecharts guide here)
I don't think that's necessarily a requirement, but OK.

I ran the app and published one subnet in the Routes Field.

I immediately see it in the Tailscale website and can enable that route.

I have no idea what you're not doing right... are you sure you're connecting to the same account you're looking at?
 

TinyWorkshop

> Don't do that. 127.x doesn't route and the Kubernetes internal network should stay local.
Yeah, it was just a test to see if it made any difference.
> are you sure you're connecting to the same account you're looking at?
Yes, the app works as intended for all the other things.
I can see any other modification almost in real time (I also tried downgrading the version).

Maybe I have to change something in my network conf.
now I have a bridge network in order to get access from the VM to the truenas Host
 

sretalla

> I have a bridge network in order to get access from the VM to the truenas Host
Me too.

Maybe try deleting and re-creating the app.

It worked fine for me when just entering the token and the route.
 

TinyWorkshop

will do :)

thanks for your support
 

TinyWorkshop

Reinstalled and it worked at the first attempt... weird :grin:
 

mutenroid

Cadet
Joined
Jan 16, 2023
Messages
8
Hi @TinyWorkshop,

Could you post the full configuration?
I have the same problem: the Tailscale app and PhotoPrism are installed, but in my case it's impossible to access the internal PhotoPrism port through Tailscale.

Thanks in advance
 

TinyWorkshop

> Hi @TinyWorkshop,
>
> Could you post the full configuration?
> I have the same problem: the Tailscale app and PhotoPrism are installed, but in my case it's impossible to access the internal PhotoPrism port through Tailscale.
>
> Thanks in advance
Sure:

My network is 192.168.2.xx

It is a super basic configuration and I've done nothing particular other than reinstalling...

IMHO, if you still have problems, it is probably due to permissions.
 

Attachments

  • Screenshot 2023-12-25 at 19.46.00.png
  • Screenshot 2023-12-25 at 19.46.27.png

machinsk

Cadet
Joined
Feb 19, 2024
Messages
8
I'm having the same problem, I've tried reinstalling but nothing changed. To get to the TrueNAS UI through the tailnet, I have to check 'Host Network', but anything hosted on a port (Immich, Home Assistant, etc.) can only be reached outside the tailnet, locally.
 

machinsk

Here's the output for nmap inside and outside the tailnet:
in:
~ % nmap -p1-65535 truenas
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-20 01:03 MST
Nmap scan report for truenas (100.85.83.77)
Host is up (0.00080s latency).
rDNS record for 100.85.83.77: truenas.tailfa906.ts.net
Not shown: 65510 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
4711/tcp open trinity-dist
6000/tcp open X11
6443/tcp open sun-sr-https
6444/tcp open sge_qmaster
6999/tcp open iatp-normalpri
10010/tcp open rxapi
10248/tcp open unknown
10250/tcp open unknown
10257/tcp open unknown
10259/tcp open unknown
20244/tcp open unknown
20720/tcp open unknown
29642/tcp open unknown
29643/tcp open unknown
29644/tcp open unknown
29652/tcp open unknown
29653/tcp open unknown
34547/tcp open unknown
50051/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 9.42 seconds
out:
~ % nmap -p1-65535 192.168.10.142
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-20 01:04 MST
Nmap scan report for 192.168.10.142
Host is up (0.00032s latency).
Not shown: 65512 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
179/tcp open bgp
443/tcp open https
445/tcp open microsoft-ds
5357/tcp open wsdapi
6000/tcp open X11
6443/tcp filtered sun-sr-https
10250/tcp open unknown
20244/tcp open unknown
20720/tcp open unknown
20810/tcp open crtech-nlm
29642/tcp open unknown
29643/tcp open unknown
29644/tcp open unknown
29652/tcp open unknown
29653/tcp open unknown
30041/tcp open unknown
32400/tcp open plex
34547/tcp open unknown
50051/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 6.37 seconds
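
A way to compare two such scans port by port, as an added example that is not part of the original post. The sample text is abridged from the scans above, and the function names are hypothetical.

```python
import re

# Sample input abridged from the two scans in the post above (fewer ports).
TAILNET_SCAN = """\
Nmap scan report for truenas (100.85.83.77)
PORT STATE SERVICE
80/tcp open http
443/tcp open https
4711/tcp open trinity-dist
6443/tcp open sun-sr-https
10250/tcp open unknown
"""
LAN_SCAN = """\
Nmap scan report for 192.168.10.142
PORT STATE SERVICE
80/tcp open http
179/tcp open bgp
443/tcp open https
6443/tcp filtered sun-sr-https
10250/tcp open unknown
32400/tcp open plex
"""

# Matches nmap normal-output port rows such as "6443/tcp filtered sun-sr-https".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap(text):
    """Map (port, proto) -> (state, service) for every port row in the text."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return ports

def compare(tailnet_text, lan_text):
    """Report ports whose reachability differs between the two vantage points."""
    tail, lan = parse_nmap(tailnet_text), parse_nmap(lan_text)
    tail_open = {k for k, (state, _) in tail.items() if state == "open"}
    lan_open = {k for k, (state, _) in lan.items() if state == "open"}
    return {
        "lan_only": sorted(lan_open - tail_open),
        "tailnet_only": sorted(tail_open - lan_open),
        "filtered_on_lan": sorted(k for k, (s, _) in lan.items() if s == "filtered"),
    }

if __name__ == "__main__":
    for name, ports in compare(TAILNET_SCAN, LAN_SCAN).items():
        print(name, ports)
```

Ports listed under `lan_only` answer on the LAN address but not on the 100.x address, which is the symptom described in this thread.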
 

TinyWorkshop

> I'm having the same problem, I've tried reinstalling but nothing changed. To get to the TrueNAS UI through the tailnet, I have to check 'Host Network', but anything hosted on a port (Immich, Home Assistant, etc.) can only be reached outside the tailnet, locally.
Is your tailnet a new setup?
 

machinsk

Yes? It's pretty recent. I set it up a few days ago between another server and my iPhone. Now it has about 5 devices.
 

TinyWorkshop

> Yes? It's pretty recent. I set it up a few days ago between another server and my iPhone. Now it has about 5 devices.
Worth checking if you have MagicDNS enabled; I had some problems with that (but not related to TrueNAS, tbh).

Maybe that is your case?
 

machinsk

> Worth checking if you have MagicDNS enabled; I had some problems with that (but not related to TrueNAS, tbh).
>
> Maybe that is your case?
MagicDNS is enabled; it's enabled by default nowadays. nmap shows the exposed ports; since it's exposed, all web UI services from my TrueNAS are exposed locally outside the tailnet, but not inside the tailnet. I'm thinking it's an issue with a pod setting or the Tailscale implementation in this deployment. Note, some services do expose their port inside the tailnet correctly, like pizero; most others just do not have their port exposed in the tailnet.
 