I have enabled IPFW on the whole Truenas system. Firewall type is "open". In this circumstance I:
If I disable IPFW:
Expected behaviour: connect to my home server via OpenVPN able to access the internet on my VPN-connected device AND access the internet within jails.
What I have tried: The above describes the minimal behaviour I have arrived at. I have tried creating new jails. I have also tried modifying and logging IPFW execution but apart from locking myself out of my server once, it got me nowhere. Also, not a DNS issue as restarting networking services within a jail (service netif restart && service routing restart) gets ping google.com to result in the same behaviour as ping 8.8.8.8, which makes me think that something more sinister is going on.
I am not sure where to begin looking for an answer. If I were to be pushed to make my absolute best guess I would probably seek to disable the IPFW to be able to connect to my home server via OpenVPN but somehow modify ... something ... to allow access to the internet (somehow rerouting traffic?). Any advice on where I can begin my search would be greatly appreciated.
Advice such as outsourcing firewall handling between my ISP and my home server to a third device is not helpful as I wish to understand the above-described behaviour.
- can connect to my home server through OpenVPN and can access the internet on my VPN-connected device
- cannot access the internet within my jails
- ping google.com hangs
- ping 8.8.8.8 sends packets but never receives a response resulting in 100% packet loss
If I disable IPFW:
- can connect to my home server through OpenVPN but cannot access the internet on my VPN-connected device
- can access any local services, but cannot access external sites
- can access the internet within my jails
Expected behaviour: connect to my home server via OpenVPN able to access the internet on my VPN-connected device AND access the internet within jails.
What I have tried: The above describes the minimal behaviour I have arrived at. I have tried creating new jails. I have also tried modifying and logging IPFW execution but apart from locking myself out of my server once, it got me nowhere. Also, not a DNS issue as restarting networking services within a jail (service netif restart && service routing restart) gets ping google.com to result in the same behaviour as ping 8.8.8.8, which makes me think that something more sinister is going on.
I am not sure where to begin looking for an answer. If I were to be pushed to make my absolute best guess I would probably seek to disable the IPFW to be able to connect to my home server via OpenVPN but somehow modify ... something ... to allow access to the internet (somehow rerouting traffic?). Any advice on where I can begin my search would be greatly appreciated.
Advice such as outsourcing firewall handling between my ISP and my home server to a third device is not helpful as I wish to understand the above-described behaviour.
