PROBLEM SSH into jail from outside

Discussion in 'Networking' started by nanda, Jul 8, 2013.

  1. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 8, 2013

    I have FreeNAS 9.1 on a network with IP 10.0.2.15.

    On this system I've set up a jail, plugins1, with NAT enabled. ifconfig shows it to have IP 10.0.2.18.

    Inside the jail I've also configured SSH, and a non-root user, user1.

    Question 1: How can I connect to the jail via SSH from the FreeNAS prompt?

    Question 2: How can I connect to the jail via SSH from the 'outer' network?

    Question 3: In VirtualBox, I normally forward port 22 to 127.x.x.x:22 when faced with this problem. Is there a similar approach here?

    Thanks in advance!
  2. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
  3. pirateghost Unintelligible Geek

    Member Since:
    Feb 29, 2012
    Message Count:
    969
    Likes Received:
    36
    Trophy Points:
    28
    Occupation:
    Instrumentation Engineer
    Location:
    Moore, OK
    pirateghost, Jul 9, 2013

    ssh user1@10.0.2.18

    To connect from outside the network you would forward a port to port 22 on that same ip

    Sent from my Galaxy Nexus
  4. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 10, 2013

    Can you tell me how to do that in more detail, for FreeNAS 9.
  5. budmannxx Member

    Member Since:
    Sep 7, 2011
    Message Count:
    83
    Likes Received:
    2
    Trophy Points:
    8
    budmannxx, Jul 11, 2013

    No, because port forwarding has nothing to do with FreeNAS (any version). I found some good information on the topic here. This should get you started on your Question 2 from above. But you'll need to confirm you have Question 1 solved first. If by "FreeNAS prompt" you mean the actual console, why would you need to SSH in? You're already on the FreeNAS box. That same website I mentioned before will have details on getting SSH up and running if you're trying to connect to FreeNAS from another machine on your LAN.

    Unfortunately, I don't have any experience with virtualization, so I can't help with Question 3.
  6. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 12, 2013

    OK, so no real answers?

    I was able to SSH to the jail from the FreeNAS prompt by the way.

    The reason I'm asking is that I want to provide services from separated jail environments. SSH is a proxy for that; when it works, other ports could be forwarded in the same way.

    PS. It would be ok to RTFM, but there is none for v 9.1.
  7. pirateghost Unintelligible Geek

    Member Since:
    Feb 29, 2012
    Message Count:
    969
    Likes Received:
    36
    Trophy Points:
    28
    Occupation:
    Instrumentation Engineer
    Location:
    Moore, OK
    pirateghost, Jul 12, 2013

    But forwarding ports doesn't have anything to do with freenas. Think of a jail as another machine on your network

    Sent from my Galaxy Nexus
  8. gpsguy Active Member

    Member Since:
    Jan 22, 2012
    Message Count:
    1,120
    Likes Received:
    58
    Trophy Points:
    48
    Location:
    GMT-5
    gpsguy, Jul 12, 2013

    Nanda, do remember that 9.1 is still in beta.


    Sent from my phone
  9. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 17, 2013

    After reading up on jails, I suppose what I really want is to enable raw sockets for a jail, preferably from the FreeNAS 9 ui.
  10. lorenzoASR Member

    Member Since:
    Nov 10, 2012
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    lorenzoASR, Jul 19, 2013

    Just type in terminal: ssh user1@10.0.2.18

    This two question should be replied togheter. If your Jails is well-configured, you can connect with SSH to 10.0.2.18 from EACH client on the same LAN.

    If this is true, so you have only to add a NAT on your router!

    Let's try to connect via SSH from internal LAN, and so tell me your router version, so I can give you some more help!
  11. lorenzoASR Member

    Member Since:
    Nov 10, 2012
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    lorenzoASR, Jul 19, 2013


    Code (text):
    1. # sysctl security.jail.allow_raw_sockets 1
  12. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 20, 2013


    I use VirtualBox NAT:

    Web user interface is on:
    10.0.2.5
    10.0.2.254
    10.0.2.16
    0.0.0.0

    I can access these by SSH, port 22. This gives me access to the FreeNAS system, not the jail.

    The jail is on 10.0.2.17, and accessible from the FreeNAS prompt only, using:
    # ssh user1@10.0.2.17

    Of course one can also use:
    # jexec # csh
  13. lorenzoASR Member

    Member Since:
    Nov 10, 2012
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    lorenzoASR, Jul 20, 2013

    Wrong typed? s/14/17 ?
  14. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 20, 2013

    Yes, typo:
    # ssh user1@10.0.2.17
  15. lorenzoASR Member

    Member Since:
    Nov 10, 2012
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    lorenzoASR, Jul 20, 2013

    Ok! :D

    So, have you another client connected to this LAN (not the virtualbox host) 10.0.2.0/24 ? What if ping 10.0.2.17 ?
  16. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 20, 2013

    Ping works, from FreeNAS prompt.
  17. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 20, 2013

    I have experimented with VirtualBox and a physical machine on a private LAN. Have never been able to access the jail from outside FreeNAS.
  18. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 20, 2013

    To access FreeNAS behind the VirtualBox NAT, I use port forwarding. The same for SSH.
  19. lorenzoASR Member

    Member Since:
    Nov 10, 2012
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    lorenzoASR, Jul 20, 2013

    Try to enable Promiscuos Mode in the NIC propriety of VM
  20. nanda Member

    Member Since:
    Jun 9, 2013
    Message Count:
    36
    Likes Received:
    0
    Trophy Points:
    6
    nanda, Jul 20, 2013

    I tried to add a host only-adapter to the FreeNAS VM, but then jails and jail creation fails; it complains that 'no default interface selected'.

    But I have created a default interface. Seems like a bug to me.

    I think network configuration for jails is not very intuitive.

Share This Page