redm0nster (Cadet, joined Apr 14, 2023, 6 messages)
Running TrueNAS Core version TrueNAS-13.0-U4 on a Pentium Silver J5040 CPU (64-bit) with 16GB RAM, 1 x 240GB SSD boot disk and 2 x 10TB Seagate IronWolf Pro disks running as a mirror.
I've got a jail called "bind-dns" that I want to forward ports UDP/53 and TCP/53 to, because it is a DNS server. I've started with just UDP/53 to keep things simple. This jail works fine, and I can perform DNS queries against it on the usual UDP port 53 at the TrueNAS host's IP address, so NAT and port forwarding are working. The issue is that while I can start it fine from the command line with sudo iocage start bind-dns, I cannot start it from the web interface: I get the error message "Error: [EFAULT] Please correct udp(53:53) port rule as another running jail is using one of the mentioned ports."
UDP port 53 is not used by the TrueNAS host (checked with netstat -na | grep 53), nor is it port-forwarded by any other jail (including jails that are down). I know I could use DHCP, but I'd like to use NAT with port forwarding so I can use my TrueNAS system as a DNS server, and I want to run it in a jail to reduce the impact of a compromise via DNS/BIND.
Here is example command line output:
Code:
rsh@store:~$ iocage list
+------+---------------+-------+--------------+------------+
| JID  | NAME          | STATE | RELEASE      | IP4        |
+======+===============+=======+==============+============+
| None | bind-dns      | down  | 13.2-RELEASE | 172.16.0.6 |
+------+---------------+-------+--------------+------------+
| 42   | gitserver     | up    | 13.2-RELEASE | DHCP       |
+------+---------------+-------+--------------+------------+
| 33   | jellyfin      | up    | 13.1-RELEASE | DHCP       |
+------+---------------+-------+--------------+------------+
| 34   | photoprism    | up    | 12.4-RELEASE | 172.16.0.2 |
+------+---------------+-------+--------------+------------+
| 7    | plex          | up    | 13.1-RELEASE | DHCP       |
+------+---------------+-------+--------------+------------+
| None | test-jail-new | down  | 13.1-RELEASE | DHCP       |
+------+---------------+-------+--------------+------------+
rsh@store:~$ sudo iocage start bind-dns
Password:
bind-dns: nat requires nat_interface, using re0
No default gateway found for ipv6.
* Starting bind-dns
  + Started OK
  + Using devfs_ruleset: 1005 (iocage generated default)
  + Configuring VNET OK
  + Using IP options: vnet
  + Starting services OK
  + Executing poststart OK
rsh@store:~$ sudo iocage stop bind-dns
* Stopping bind-dns
  + Executing prestop OK
  + Stopping services OK
  + Tearing down VNET OK
  + Removing devfs_ruleset: 1005 OK
  + Removing jail process OK
  + Executing poststop OK
Web interface example:
This looks like a bug to me. Does anyone know about it, and whether it's being worked on?
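The web interface's error refers to a port rule on "another running jail", so the first thing worth checking is exactly what every jail on the host forwards, not just which host sockets netstat shows. The script below is an added example and is not part of the original post, of iocage or of TrueNAS: it pulls the nat_forwards property of every jail and reports any proto/host-port pair that the jail you want to start shares with another jail. It assumes that "iocage list -h" prints tab-separated rows with the jail name in column 2 and the state in column 3, and that "iocage get nat_forwards JAIL" prints rules in the "udp(53:53),tcp(80:8080)" form or "none" (both are assumptions about iocage's output). The inventories used in the demo are constructed sample data modelled on the jail list in the post, including one deliberately clashing rule, so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original post, iocage or TrueNAS).
# Reports NAT port-forward rules that a target jail shares with other jails.

# Live collector: "name<TAB>state<TAB>nat_forwards" per jail.
# Assumption: iocage list -h is tab-separated, NAME in column 2, STATE in column 3.
collect_live() {
    iocage list -h | cut -f2,3 | while IFS="$(printf '\t')" read -r name state; do
        printf '%s\t%s\t%s\n' "$name" "$state" "$(iocage get nat_forwards "$name")"
    done
}

# Constructed inventory matching the post: only bind-dns forwards udp/53.
sample_inventory() {
    printf 'bind-dns\tdown\tudp(53:53)\n'
    printf 'gitserver\tup\tnone\n'
    printf 'jellyfin\tup\ttcp(8096:8096)\n'
    printf 'photoprism\tup\tnone\n'
    printf 'plex\tup\tnone\n'
    printf 'test-jail-new\tdown\tnone\n'
}

# Constructed inventory with a deliberate clash: gitserver also takes tcp/53.
sample_inventory_with_clash() {
    printf 'bind-dns\tdown\tudp(53:53),tcp(53:53)\n'
    printf 'gitserver\tup\ttcp(53:53)\n'
    printf 'plex\tup\tnone\n'
}

# port_conflicts TARGET [yes|no]: reads an inventory on stdin and prints
# "proto hostport othername otherstate" for every rule of TARGET that another
# jail also forwards. Second argument "yes" (default) only considers running
# jails, which is what the web interface's message talks about; "no" checks
# every jail, including stopped ones.
port_conflicts() {
    awk -F'\t' -v target="$1" -v running_only="${2:-yes}" '
    # Expand "udp(53:53),tcp(80:8080)" into keys "udp 53", "tcp 80" in out[].
    function expand(rules, out,   n, parts, i, m) {
        n = split(rules, parts, ",")
        for (i = 1; i <= n; i++)
            if (match(parts[i], /^[a-z]+\([0-9]+:[0-9]+\)$/)) {
                split(parts[i], m, /[():]/)   # m[1]=proto m[2]=host port m[3]=jail port
                out[m[1] " " m[2]] = 1
            }
    }
    $1 == target { expand($3, want); next }
    { names[NR] = $1; states[NR] = $2; rules[NR] = $3 }
    END {
        for (r = 1; r <= NR; r++) {
            if (!(r in names)) continue
            if (running_only == "yes" && states[r] != "up") continue
            split("", have)          # portable way to clear an awk array
            expand(rules[r], have)
            for (k in want) if (k in have) print k, names[r], states[r]
        }
    }'
}

case "${1:-demo}" in
    --live) collect_live | port_conflicts "$2" "${3:-yes}" ;;
    *)
        echo "# constructed inventory from the post, running jails only:"
        sample_inventory | port_conflicts bind-dns
        echo "# constructed inventory with a clash:"
        sample_inventory_with_clash | port_conflicts bind-dns
        ;;
esac
```

On the host, "sh check-forwards.sh --live bind-dns" lists clashes with running jails and "sh check-forwards.sh --live bind-dns no" includes stopped ones; an empty result for both while the web interface still refuses to start the jail narrows the problem to the interface's own validation rather than to a real port overlap.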