Redirect Plugin/Jail Port to different jail port

Rudi Pittman

Contributor
Joined
Dec 22, 2015
Messages
161
I've got a bunch of different plugins that are running on various ports with their own ip addresses. I'd like to simplify things by redirecting the port within the jail so that whatever port it's using (for example emby is using port 8096) that port gets redirected to port 80 within the jail so instead of having to remember:

http://10.0.0.2:8080 is sickrage
http://10.0.0.3:9000 is couchpotato
http://10.0.0.4:7000 is nzbhydra

Those are totally made up but you get the idea. After the redirect I want http://10.0.0.2 to take me to sickrage, http://10.0.0.3 to take me to couchpotato and http://10.0.0.4 to take me to nzbhydra without having to worry about the port as it defaults to 80.

I'm sure it's a simple ipfw rule but I don't seem to be able to find a good example since everything I find seems to be trying to forward from the NAS ip/port to the jail ip/port.
 

Artion

Patron
Joined
Feb 12, 2016
Messages
331
Hi, take a look at this found trying this.
 

Rudi Pittman

Contributor
Joined
Dec 22, 2015
Messages
161
Hi, take a look at this found trying this.

Thanks for providing that info. The primary difference I think is that I'm NOT trying to remove CP from port 5000. I'm just trying to make traffic going to default port 80 redirect to port 5000 automatically so I don't have to remember all these different port numbers. Pretty sure ipfw should be able to do a redirect without breaking anything on the services since to them it will be coming in on the right port.
 

Artion

Patron
Joined
Feb 12, 2016
Messages
331
Ok, that was a possibility. I also found this. It's about ipfw. I'll try it for plex...:eek:

It worked! :)
 

Rudi Pittman

Contributor
Joined
Dec 22, 2015
Messages
161
Ok, that was a possibility. I also found this. It's about ipfw. I'll try it for plex...:eek:

It worked! :)

Thanks for the assistance! That's exactly what I was looking for. Since each jail has its own IP it seems to make more sense to have all of them use port 80.
 

Rudi Pittman

Contributor
Joined
Dec 22, 2015
Messages
161
For those wanting to do this permanently in a jail do the following:
From the FreeNAS command line do a "sudo jls" and identify what the jail # you want to edit is.
Now do a "sudo jexec <jail#> sh" replacing <jail#> with the number you saw.

Once inside the jail cut and paste the following 4 lines. You should edit the port in the lines from 8081 to whatever port the jail normally uses before pasting.

echo firewall_enable="YES" >> /etc/rc.conf
echo firewall_type="/media/ipfw.rules" >> /etc/rc.conf
echo "add 100 fwd 127.0.0.1,8081 tcp from any to any 80 in" >> /media/ipfw.rules
ipfw add 100 fwd 127.0.0.1,8081 tcp from any to any 80 in

---
You should now be able to access the jail service directly by just the ip address with no port needed. Hope some find this useful and thanks to Artion for the assistance.
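
An added example, not part of the original post: the persistent part of the steps above written so it can be re-run safely. It validates the port, replaces earlier entries instead of appending duplicates, and uses one rules path (/media/ipfw.rules) for both rc.conf and the rules file. The function names and the root-directory argument (for a dry run against a scratch directory) are assumptions of this example; the live "ipfw add" command from the post is still run separately.

```sh
#!/bin/sh
# Added example, not the poster's code. Function names and the "root"
# argument are assumptions made for illustration and offline dry runs.

RULES_PATH="/media/ipfw.rules"   # single name used by rc.conf and the file

# Print the fwd rule for a service port; fail unless the port is 1-65535.
render_fwd_rule() {
    case "$1" in
        ''|*[!0-9]*|??????*) echo "invalid port: $1" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "port out of range: $1" >&2
        return 1
    fi
    echo "add 100 fwd 127.0.0.1,$1 tcp from any to any 80 in"
}

# Drop lines starting with a prefix, then append the new line.
# This is what makes a second run replace a setting instead of stacking it.
replace_line() {   # usage: replace_line FILE PREFIX NEWLINE
    touch "$1"
    grep -v "^$2" "$1" > "$1.tmp" || true
    printf '%s\n' "$3" >> "$1.tmp"
    mv "$1.tmp" "$1"
}

# Write the rc.conf settings and the rules file under ROOT.
# Inside the jail ROOT is "" so the paths resolve to /etc and /media.
install_redirect() {   # usage: install_redirect ROOT PORT
    root="$1"
    rule=$(render_fwd_rule "$2") || return 1
    mkdir -p "$root/etc" "$root/media"
    replace_line "$root/etc/rc.conf" 'firewall_enable=' 'firewall_enable="YES"'
    replace_line "$root/etc/rc.conf" 'firewall_type=' \
        "firewall_type=\"$RULES_PATH\""
    # Other rules already in the file are kept; only rule 100 fwd is replaced.
    replace_line "$root$RULES_PATH" 'add 100 fwd ' "$rule"
}
```

Inside the jail this would be called as install_redirect "" 8081; pointing the first argument at a scratch directory shows the resulting files without touching the jail.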
 

Artion

Patron
Joined
Feb 12, 2016
Messages
331
Glad to see it worked and thanks for the detailed post. Would you mark this thread as Solved?
 

lz253

Cadet
Joined
Mar 8, 2020
Messages
2
Hi! (Sorry for bumping an old thread but I'm from Google search and I can't find any helpful information anywhere else.)

Basically I'm trying to do the same but for HTTPS (redirecting from port 443 to port 8443). I tried the config above but keep getting 400 bad request errors. Any suggestions?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
Basically I'm trying to do the same but for HTTPS (redirecting from port 443 to port 8443). I tried the config above but keep getting 400 bad request errors. Any suggestions?
You're probably not taking into account that the 8443 port isn't expecting https traffic, it's expecting http... either change the config of the app (whichever one that is you're using) to expect https or use port 80. You can test what I'm suggesting by using http://whatever.ip:8443/
 

lz253

Cadet
Joined
Mar 8, 2020
Messages
2
You're probably not taking into account that the 8443 port isn't expecting https traffic, it's expecting http... either change the config of the app (whichever one that is you're using) to expect https or use port 80. You can test what I'm suggesting by using http://whatever.IP:8443/
Thanks for helping! The 8443 port (running unifi controller) is expecting https traffic and I can visit https://my.jail.ip:8443/ without problems. My goal is to be able to visit the app without having to add the port number, since the 443 port isn't being used by anything else. I thought this was a straightforward task but after several hours of trying different ways (ipfw, pf, nginx...) I still can't get it to work. The next thing I'm going to try is haproxy, but I really need to take a break from it for now :p
 

erykkotys

Cadet
Joined
Jun 9, 2021
Messages
3
echo firewall_enable="YES" >> /etc/rc.conf
echo firewall_type="/media/ipfw.rules" >> /etc/rc.conf
echo "add 100 fwd 127.0.0.1,8081 tcp from any to any 80 in" >> /media/ipfw.rules
ipfw add 100 fwd 127.0.0.1,8081 tcp from any to any 80 in

Hi!
I was trying to do this, but I keep getting "ipfw: socket: Operation not permitted" error.
I'm on TrueNAS-12.0-U4, tried it on different jails, no luck on any.
Tried googling a solution but can't find anything useful.
Any help?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
i keep getting "ipfw: socket: Operation not permitted" error.
Have you set the jail to allow raw sockets?

iocage set allow_raw_sockets=1 jailname
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
Just tried that. Now I'm getting a different error: "ipfw: getsockopt(IP_FW_XADD): Operation not permitted"
What command exactly are you running to get that?
 