How do change iocage NAT port forwarding - when using DHCP

[Aaron Siemieniec]

Pushed off redoing all my jails that were created and accessible via the "legacy" interface (v10?). FreeNAS is now on v11.3-U1 and figured it's time to re-do it all, start clean and fresh.

I used to be able to access a plugin, say SAB or Sonarr, etc, via the jail's IP and port 80. I don't like having to always enter port 8989 when going to Sonarr, same for the other plugins. Now in v11.3-U1 with iocage, the only way within the UI of FreeNAS to alter the NAT port forwarding is if I have NAT enabled, DHCP disabled. But I don't want my jails with the same IP as the FreeNAS box. Each jail gets it's IP via DHCP from my Windows server. I could even do with specifying an IP within the jail config but I still can't get the NAT port forwarding to show the text box unless I have NAT enabled in the jail config.

There has to be a conf file somewhere that allows me to change the default ports from whatever they are to 80 for each plugin and still allow me to use DHCP or a static IP.

Ideas where that file is or what file to create?

Thanks

 

[sretalla]

SAB, as the first example has the setting in its config on the general page, second setting for HTTP, 4th for HTTPS.

Sonarr has it in exactly the same spot.

You will just need to connect to those frontends first on the default port (8080 and 8989 respectively) first to change the setting and restart.

 

[Aaron Siemieniec]

Thank you, sretalla for the reply. I apologize for not being more clear in my original post. Let me add some pictures this time.
(Using Sonarr as an example)

1.) For many years used warden jail for Sonarr. I was able to change the access port from 8989 to 80.
2.) Upgraded FreeNAS to 11.3-U1 . I had been putting it off because I didn't want to have to rebuild everything knowing that warden was "out" and I'd have to use iocage.
3.) Installed the Sonarr iocage plugin (see pic 1)

4.) Am able to access Sonarr at http://<hostname>:8989
5.) Within Sonarr I can navigate to General, Start Up, and change the port from 8989 to 80, click Save and then edit my URL bar to strip out port 8989
6.) Browser tries to navigate to http://<hostname>/ but instead error "This site can't be reached" is displayed
7.) So I go back to my plugin page in FreeNAS and still observe the Admin Portal is still configured to port 8989.
8.) I go to my jails page and edit my jail hosting the Sonarr plugin

9.) I look at the General settings and observe the following:
DHCP is enabled (IP is obtained from a DHCP reservation from my AD server
VNET is enalbed
Berkeley is enabled

10.) I looked around the jail properties and tried to find where I change the management port from 8989 to 80. That section is under the Network Properties category... I attempt to change the jail port number but find that I can't edit the port when the jail is running. So I stop the jail...

11.) I navigate back to where I just was (edit the jail, Jail Properties, Network Properties) and now the NAT Port Forwarding is missing

12.) Through some time and troubleshooting I find that I can only get the NAT Port Forward section to reappear if I go back to edit the jail, Basic Properties and uncheck DHCP and enable NAT

13.) I then go back to edit the jail, Jail Properties, Network Properties and the magical NAT Port Forward section has returned so I check to enable NAT Port Forwarding and input the values TCP, 80, 80, Save

14.) Start the jail and it fails because it says another jail is using the same port. Ummmm ok. So then I go back into the NAT Port Forwarding and change the Jail Port Number from 80 back to 8989 (leave the Host Port Number at 80 since that is what I setup with Sonarr). Attempt to start the plugin/jail and get the same problem. I don't have any other jails running on port 8989 or 80. FreeNAS itself is running on port 80 so I think that is really what is causing the conflict.

I had this working fine with warden jails. What am I doing wrong? I have to use DHCP for the plugin/jail or else it uses the same IP as the FreeNAS box (right? - that's what NAT does).
15.) I look back at my plugins and see my Sonarr is "down" but at least it is now on port 80:

16.) For grins and giggles I navigate to http://10.1.1.102 and remember that is my FreeNAS IP

I'm thinking there has to be a conf file *somewhere* on the FreeNAS side that configures the iocage to use port 8989. Probably the GUI doesn't have a way to modify this file, but I can use Putty. I just don't know where the conf file lives.

Thank you.

 

[sretalla]

If you're using vnet, nat isn't applicable at the iocage level (only at your internet gateway/router).

Do you have the allow raw sockets set in the jails?

 

[Aaron Siemieniec]

I did not have allow raw sockets set. I have just now enabled that feature for Sonarr. I disabled VNET, BPF, DHCP and then hard set the IP to the IP I use for this jail. Started it up, no-go. Ideas?
Thank you,

 

[garm]

You need to slow down and explain precisely what you want to achieve, if not just for yourself.
Jail NAT is not compatible with DHCP as the jail will share an IP with FreeNAS.
Changing ports on a plugin might not be possible.
FreeNAS already uses the standard ports for web..

So starting from the beginning,

It’s hard to type 5 extra characters in an URL

Have you considered bookmarks?
The DNS resolver in pfSense will resolve hostnames of DHCP leases, maybe you can set up dynamic or static DNS entries on your router?
Installing something like Heimdall will give you fancy shortcuts.
Putting a reverse proxy in front of you jails will give you pretty urls https://domain.io/app

No! I really, really need to enter ips without ports

Install the service in a standard jail, with VNET and a static IP, change the service to run on standard web ports. You need to set up one jail per service or the ports will collide.

15. Jails — FreeNAS®11.3-U1 User Guide Table of Contents

www.ixsystems.com

Chapter 4. Installing Applications: Packages and Ports

FreeBSD provides two complementary technologies for installing third-party software: the FreeBSD Ports Collection, for installing from source, and packages, for installing from pre-built binaries

www.freebsd.org

Redirecting…

 

[Aaron Siemieniec]

I understand about it being trivial that I have to type in 5 extra characters to get to a site. What I don't understand is why (but I think I do now). It was working before in the days of warden and legacy web UI. And I am definitely appreciative of the help that has been posted. I didn't have to use external applications, reverse proxys or fancy shortcuts before in order to change the management ports from 8080, 8989, 32400, 7878, 8443 to 80. You must be right, @garm, in that I used standard jails before. I'll let it be and drop the issue.

thank you again.

 

[sretalla]

I disabled VNET, BPF, DHCP and then hard set the IP to the IP I use for this jail. Started it up, no-go. Ideas?

You want to use VNET. This is how you get the jail on a different IP to the FreeNAS host.
BPF and DHCP go together and are optional, although I've seen troubles when manually assigning IPs to jails and only use DHCP (with reservation of IP) myself, so can't help with that.

 

[garm]

Atm it seams jails do not get network unless DHCP is used in 11.3-U1

 

[Aaron Siemieniec]

Thank you, @garm , @sretalla for your help. I really do appreciate your contributions.