System update can't reach FreeNAS server

[VictorR]

It worked a few times in the past with the default configuration after initial install. But, it stopped working.
The NAS is getting a DHCP address(192.168.1.27) from the local LAN router(192.168.1.1) on its 1GbE port. [it also has 6 LAGG'd 10GbE ports on 10.0.1.2] My assumption was that it would also inherit routing to the internet settings from the router/DHCP server.

My only guess is that it needs a static route to the "http://update.freenas.org/FreeNAS". But, I don't know the IP address(es) to assign. Although, I'm at a loss why it worked a few times before without a static route.

I have static routes to both OpenDNS servers (208.67.222.220/24, 208.67.222.222/24) and pings from shell to any domain can resolve addresses, but have "no route to host"

I know this is something simple, I just can't figure out what(likely due to my hangover)


Updates now error out with " <urlopen error [Errno 51] Network is unreachable>"

Request Method: GET
Request URL: http://192.168.1.27/system/update/check/
Software Version: FreeNAS-9.3-STABLE-201602031011
Exception Type: URLError
Exception Value:
<urlopen error [Errno 51] Network is unreachable>
Exception Location: /usr/local/lib/freenasOS/Configuration.py in TryGetNetworkFile, line 630
Server time: Sun, 20 Mar 2016 16:16:57 -0700
Traceback
Environment:

Software Version: FreeNAS-9.3-STABLE-201602031011
Request Method: GET
Request URL: http://192.168.1.27/system/update/check/


Traceback:
File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
105. response = middleware_method(request, callback, callback_args, callback_kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/middleware.py" in process_view
156. return login_required(view_func)(request, *view_args, **view_kwargs)
File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
22. return view_func(request, *args, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/system/views.py" in update_check
1410. train=updateobj.get_train(),
File "/usr/local/www/freenasUI/../freenasUI/system/models.py" in get_train
552. trains = conf.AvailableTrains() or []
File "/usr/local/lib/freenasOS/Configuration.py" in AvailableTrains
850. fileref = self.TryGetNetworkFile(file = TRAIN_FILE, reason = "FetchTrains")
File "/usr/local/lib/freenasOS/Configuration.py" in TryGetNetworkFile
630. raise url_exc

Exception Type: URLError at /system/update/check/
Exception Value: <urlopen error [Errno 51] Network is unreachable>​

 

[depasseg]

What is your default gateway?

 

[VictorR]

It works with the default gateway set to 192.168.1.1.
But, I left the field blank because of this warning in the User Guide:

NOTE: in many cases, a FreeNAS® configuration does not include default gateway information as a way to make it more difficult for a remote attacker to communicate with the server. While this is a reasonable precaution, such a configuration does not restrict inbound traffic from sources within the local network. However, omitting a default gateway will prevent the FreeNAS® system from communicating with DNS servers, time servers, and mail servers that are located outside of the local network. In this case, it is recommended to add Static Routes in order to reach external DNS, NTP, and mail servers which are configured with static IP addresses. If you add a gateway to the Internet, make sure that the FreeNAS® system is protected by a properly configured firewall.
​

I was hoping to fix that with a static route to the update server.
I guess the easiest solution is to just enter the default gateway in whenever I want to run Update, then remove it when done

 

[Mirfster]

While this is a reasonable precaution, such a configuration does not restrict inbound traffic from sources within the local network.

If you have rogue processes on your local network, then you have bigger issues. ;) As far as internet traffic, all of that should be handled by a properly configured router and firewall.

 

[VictorR]

Months ago, I must have rushed through that part of the Guide and misread, that section. Somehow, it just stuck in my mind and I never questioned it
Thanks for pointing out my mistake, Mirfster. Saved me a lot of unnecessary hassle