Some ports are blocked?

aihysp

Cadet
Joined
Mar 11, 2020
Messages
7
Hello

I have installed 3 jails: Home Assistant, Node-RED, mosquitto.

Node-RED can see mosquitto, I guess because they are on the jail network?
But all devices in the network cannot connect to that mosquitto server...

Also, Node-RED is not able to connect to HA with the token.

So from what I can see, the jails have some kind of block from my network?

thanks!
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
Are they NAT or VNET jails?

What ports are those services trying to listen on? (80? 443?)
 

aihysp

It is VNET, I think; I don't have NAT checked,
and the ports are 1883 for the mosquitto jail, for example,

and devices outside of the jail network cannot connect.
 

sretalla

And if you check the DNS in the jail or pings, can you get out from it? Do you see a value for iocage get defaultrouter <jailname>?
 

aihysp

All pings are going in and back, no issues; also I am able to access the web GUI of the jails,
but some services are not working as expected, mainly MQTT port 1883.

Also, on all my jails iocage get defaultrouter <jailname> will give me my router address.

I have a pfSense router... maybe I can find some clues there?
 

sretalla

From a website that doesn't have its certificate in order (so I won't post you the link to it)...

Some Website said:
If you are trying to get a service running as an unprivileged user to bind to port 80 in a FreeNAS iocage jail you will need to do the following:

Set securelevel of the jail in Jail Properties to -1

Add the following two lines to /etc/sysctl.conf inside the jail:

net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0

I have no idea if this is the problem (I'm working on the theory that the current limit is ports below 2000 aren't allowed for non-root... and that your jail process isn't root), but it should be easy to put back if it doesn't solve the issue.
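Added example (not part of the post above or of the quoted website): a shell check of whether a given port falls inside the reserved range controlled by the two sysctls quoted above, so the effect of the change can be seen before a jail is loosened. It assumes FreeBSD's defaults of reservedlow=0 and reservedhigh=1023; the helper names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Assumption: FreeBSD defaults are reservedlow=0 and reservedhigh=1023, and a
# port needs root to bind when reservedlow <= port <= reservedhigh.

# conf_value KEY FILE DEFAULT
# Print the last numeric value assigned to KEY in a sysctl.conf-style file,
# or DEFAULT when the key is not set there.
conf_value() {
    awk -F= -v key="$1" -v def="$3" '
        /^[ \t]*#/ { next }                       # skip comment lines
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key && v ~ /^[0-9]+$/) found = v }
        END { print (found == "" ? def : found) }
    ' "$2"
}

# port_needs_root PORT FILE
# Print "yes" if PORT lies in the reserved range described by FILE, else "no".
port_needs_root() {
    low=$(conf_value net.inet.ip.portrange.reservedlow "$2" 0)
    high=$(conf_value net.inet.ip.portrange.reservedhigh "$2" 1023)
    if [ "$1" -ge "$low" ] && [ "$1" -le "$high" ]; then echo yes; else echo no; fi
}

# Constructed sample files: an empty sysctl.conf (defaults apply) and one
# holding the two lines quoted in the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
: > "$tmp/default.conf"
printf '%s\n' 'net.inet.ip.portrange.reservedlow=0' \
              'net.inet.ip.portrange.reservedhigh=0' > "$tmp/quoted.conf"

for port in 80 1883; do
    echo "port $port needs root: default=$(port_needs_root "$port" "$tmp/default.conf")" \
         "quoted=$(port_needs_root "$port" "$tmp/quoted.conf")"
done
```

Inside the jail, the live values can be read with `sysctl net.inet.ip.portrange.reservedlow net.inet.ip.portrange.reservedhigh` and compared with the port the service listens on.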
 

aihysp

No, it did not do the trick, even after a jail reboot.
It kind of made it worse; now even other devices on the jail net can't see it.
 