Hello,
I'm new to FreeNAS, and new to FreeBSD in general, but I like to learn about network technologies. I'm also sorry about my English, but I need some help...
OK, so what's the problem (step by step):
- I have set up a new FreeNAS with a few jails
- in one of the jails I have installed transmission via plugin
- I have forwarded a port on my router and modem (ISP)
- transmission works fine (SSH and www panel in LAN and via ISP address)
- torrents are not so legal in my country so I want to set up some openvpn (transmission must use the VPN, but other services not)
- I compiled and installed openvpn with passwords and users stored in files (in the transmission jail)
- openvpn works fine with freevpn.me
- torrents download but are not sending (openvpn doesn't have an option to forward ports, but 80 is open)
- I allowed transmission to use port 80 for uploading files and it works fine
- PROBLEM - now when I am connected via openvpn I can't access the transmission panel and SSH from outside my network (not via the VPN address but my normal ISP address)
- I have some ipfw rules but they let me in from the outside network (ISP address) only when I close openvpn
I don't know what the problem is or how I can connect to the transmission www panel and SSH from outside via my ISP (not VPN) address. Maybe someone has some advantages in that type of case?
This is what I have in ipfw_rules:
Code:
add 01004 allow ip from 192.168.1.0/24 to 192.168.1.0/24 keep-state
add 01006 allow log udp from any to any dst-port 53 keep-state
add 01008 allow ip from any to any dst-port 1194 keep-state
add 05000 allow ip from 176.126.237.207 to any
add 05002 allow ip from any to 176.126.237.207
add 05004 allow ip from 10.12.0.0/8 to any
add 05006 allow ip from any to 10.12.0.0/8
add 05008 allow log udp from 192.168.1.0/24 to 255.255.255.255
add 05010 allow log udp from 0.0.0.0 to 255.255.255.255
add 05012 allow ip from any to 192.168.1.0/24 dst-port 32500 keep-state
add 05014 allow ip from 192.168.1.0/24 to any dst-port 32500 keep-state
add 05016 allow ip from any to 192.168.1.0/24 dst-port 60013 keep-state
add 05018 allow ip from 192.168.1.0/24 to any dst-port 60013 keep-state
add 65534 deny ip from any to any
My jail address - 192.168.1.12.
Server configuration:
FreeNAS-9.3-STABLE-201505130355
CPU Celeron J1900
RAM 4GB NonECC
Mobo Asrock Q1900DC-ITX
2 SATA disks
1 pendrive for system
I know that this configuration does not even meet the minimal FreeNAS requirements, but it works for me and I use it as something like an HTPC, not a NAS (so my files are not so important), and this is not the kind of problem caused by minimal requirements.
OK. 48 hours later (and 0 responses) I learned something new. It won't work because I try to log in via the ISP address, but the NAS tries to answer me via the VPN.
To solve this I need to use PF (packet filter). I even found a rule for this (I think it will work, but I can't test it):
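Code:
ext_if1 = "epair"
ext_if2 = "tun"
ext_gw1 = "192.168.1.1"
ext_gw2 = "10.12.0.1"
# A packet about to leave on one interface but sourced from the other
# interface's address is re-routed out via that other interface and its gateway.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any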
But in the end I can't use this because PF needs some extra kernel modules to work. OK. I could add this module to FreeNAS and share it with my jail, but I considered that it would be too risky a choice (I know that digging in the FreeNAS main system is not such a good idea). For now I solved it in an ugly way - in another jail I set up a remote desktop with Firefox ;-)
Now, when I need to open the transmission panel I log in to the remote desktop, open Firefox and log in to the transmission www panel over the LAN (it doesn't need to use the gateway so it works). For SSH I log in to that jail, and from that jail I log in via SSH to the transmission jail :)
I know that sharing the FreeNAS box with the internet is not such a good idea but I love networking :)
The topic is SOLVED, but not in a good way, that's why I am not changing the status of this topic.
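Added example, not part of the original post: a small Python model of the route lookup that explains the symptom described above (requests arrive on the ISP side, replies leave through the tunnel) and what a source-based rule like the pf `route-to` pair changes. The routing table is constructed; the two /1 tunnel routes, the tunnel address 10.12.0.6, the outside client addresses and all function names are assumptions for illustration.

```python
import ipaddress

# Constructed routing table for the transmission jail while OpenVPN is up.
# Assumption: the VPN client adds two /1 routes over the tunnel and leaves
# the original default route in place.
ROUTES = [
    ("192.168.1.0/24", "epair", None),           # LAN, on-link
    ("0.0.0.0/0",      "epair", "192.168.1.1"),  # original default (router)
    ("10.0.0.0/8",     "tun",   None),           # VPN subnet, on-link
    ("0.0.0.0/1",      "tun",   "10.12.0.1"),    # VPN override, lower half
    ("128.0.0.0/1",    "tun",   "10.12.0.1"),    # VPN override, upper half
]

# Source-based policy in the spirit of the pf route-to rules in the post:
# off-link packets leave through the interface that owns their source address.
POLICY = {
    "192.168.1.12": ("epair", "192.168.1.1"),    # jail's LAN address (from the post)
    "10.12.0.6":    ("tun",   "10.12.0.1"),      # constructed tunnel address
}

def lookup(dst):
    """Destination-only longest-prefix match over ROUTES."""
    addr = ipaddress.ip_address(dst)
    best = max(
        (r for r in ROUTES if addr in ipaddress.ip_network(r[0])),
        key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
    )
    return best[1], best[2]

def egress(src, dst, use_policy=False):
    """Return (interface, gateway) chosen for a packet from src to dst."""
    iface, gw = lookup(dst)
    if use_policy and gw is not None and src in POLICY:
        return POLICY[src]       # only gatewayed (off-link) traffic is re-routed
    return iface, gw

def reply_is_asymmetric(arrival_if, src, dst, use_policy=False):
    """True when the reply leaves on a different interface than the request used."""
    return egress(src, dst, use_policy)[0] != arrival_if
```

A reply to a LAN client never needs a gateway, which is why the remote-desktop workaround inside the LAN keeps working while the VPN is up.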