No. VNET means your jail has got a completely independent network interface. And if you don't enable NAT, nothing is interfering with the packets. Time to get out tcpdump/Wireshark ...
$ ssh admin@192.168.1.3
ssh: connect to host 192.168.1.3 port 22: Connection refused
$ nc -vz 192.168.1.3 22
nc: connectx to 192.168.1.3 port 22 (tcp) failed: Connection refused
Looks like ports needed for WebRTC to work are:
TCP 80
TCP 443
UDP 443
macmini$ nc -vz 192.168.1.3 8080
Connection to 192.168.1.3 port 8080 [tcp/http-alt] succeeded!
macmini$ nc -vz 192.168.1.3 22
nc: connectx to 192.168.1.3 port 22 (tcp) failed: Connection refused
macmini$ nc -vz 192.168.1.3 443
nc: connectx to 192.168.1.3 port 443 (tcp) failed: Connection refused
macmini$ nc -vz 192.168.1.3 80
nc: connectx to 192.168.1.3 port 80 (tcp) failed: Connection refused
root@unifi:~ # netstat -na | grep LISTEN
tcp46 0 0 *.8843 *.* LISTEN
tcp46 0 0 *.8443 *.* LISTEN
tcp46 0 0 *.6789 *.* LISTEN
tcp4 0 0 127.0.0.1.27117 *.* LISTEN
tcp46 0 0 *.8880 *.* LISTEN
tcp46 0 0 *.8080 *.* LISTEN
No. By default all ports are open. There is no firewall in TrueNAS. You need to manually do unsupported FreeBSD things to configure one.
I'm wondering if perhaps I need to manually open up ports 22 and 443 inside the jail?
netstat -na without the filter for LISTEN and check if the controller is bound to the UDP port, too. Should be 8443 UDP I guess because the forum post you found refers to their cloud solution. Which seems to be reachable at 80 and 443 instead of 8080 and 8443.
sysrc sshd_enable=YES
service sshd start
/etc/sshd/sshd_config before you do the above. Look for the PermitRootLogin line, remove the comment in the first column and change No to Yes. And set a root password for the jail, of course.
To get to a shell in the jail before ssh is available you can use iocage console <jailname> in a root shell on your NAS.
iocage console (I have even done this already) into the jail and it's the same thing. I was hung up on it being "broken" I guess. I did try to activate it as you instructed, but the password does not let me in and I do not see PermitRootLogin in this file /etc/ssh/ssh_config. An "sshd" version of the same does not exist.
netstat -na are:
root@unifi:~ # netstat -na | grep udp
udp46 0 0 *.3478 *.*
udp46 0 0 *.5514 *.*
udp46 0 0 *.10001 *.*
udp4 0 0 192.168.1.3.44390 *.*
Code:
root@freenas[~]# iocage console cloud
[...]
root@cloud:~ # grep PermitRoot /etc/ssh/sshd_config
PermitRootLogin prohibit-password
root@cloud:~ #
ssh admin@unifi.local
ssh root@192.168.1.3
ssh root@unifi.local
Right, I'll stick with iocage console. At least I know it's not related to the WebRTC issue.
There's an adduser command that you can use in the jail. That will guide you through the process interactively. I would not use root.
But possibly the user needs to share data with the Unifi controller software somehow. So it could be necessary to have a certain user ID and a certain home directory - sorry, I don't know. We are again leaving the FreeBSD terrain and entering the Unifi one ;)
tcp4 31 0 192.168.1.3.51227 52.38.238.169.443 CLOSED
netstat -na are right. I don't know how they flow from LAN to WAN though.
Otherwise, the default ports are listed below:
- unifi.shutdown.port=8081 # for management purpose
- unifi.http.port=8080 # device inform
- unifi.https.port=8443 # controller UI / API
- portal.http.port=8880 # portal redirect port for HTTP
- portal.https.port=8843 # portal redirect port for HTTPs
- unifi.db.port=27117 # local-bound port for DB server
- unifi.stun.port=3478 # UDP port used for STUN
tcpdump from? Do I call it from my client terminal or from iocage console?
tcpdump -n -i epair0b to live watch the packets. You can use -w IIRC to write to a file that you can import into Wireshark on your desktop machine for easier and assisted analysis. man tcpdump will give you the full documentation.
This is an outbound connection. Your Unifi controller (probably) downloaded $something from that IP address via HTTPS.
tcp4 31 0 192.168.1.3.51227 52.38.238.169.443 CLOSED
Which platform? You can still run a Linux VM instead of a jail on TrueNAS and run Unifi the way you used to do if that was the way.
My other installs of Unifi have all worked with no hassle.
What is WebRTC supposed to do with Unifi, anyway? I run a controller on Ubuntu for half a dozen access points and that's that. I mean, why is this a problem and who is supposed to talk WebRTC to your controller? Your browser? The managed devices?
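Added example, not part of the thread and not Ubiquiti or TrueNAS code: a Python script that cross-checks the `netstat -na` output quoted in the thread against the default port list and the ports probed with `nc`, showing that the refused ports (22, 80, 443) have no listener in the jail rather than being filtered. The function names, `PROBED`, and the `SAMPLE` text (retyped from the thread's output) are assumptions of this example.

```python
# Default controller ports as listed in the thread: (proto, port) -> purpose.
UNIFI_DEFAULTS = {
    ("tcp", 8081): "shutdown/management", ("tcp", 8080): "device inform",
    ("tcp", 8443): "controller UI / API", ("tcp", 8880): "portal HTTP redirect",
    ("tcp", 8843): "portal HTTPS redirect", ("tcp", 27117): "local DB",
    ("udp", 3478): "STUN",
}
PROBED = [("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 443)]  # not defaults
# Constructed sample: the netstat lines quoted in the thread, one socket per line.
SAMPLE = """\
tcp46 0 0 *.8843 *.* LISTEN
tcp46 0 0 *.8443 *.* LISTEN
tcp46 0 0 *.6789 *.* LISTEN
tcp4 0 0 127.0.0.1.27117 *.* LISTEN
tcp46 0 0 *.8880 *.* LISTEN
tcp46 0 0 *.8080 *.* LISTEN
udp46 0 0 *.3478 *.*
udp46 0 0 *.5514 *.*
udp46 0 0 *.10001 *.*
udp4 0 0 192.168.1.3.44390 *.*
tcp4 31 0 192.168.1.3.51227 52.38.238.169.443 CLOSED
"""

def parse_netstat(text):
    """Map (proto, port) -> set of local bind addresses for sockets that accept traffic."""
    bound = {}
    for line in text.splitlines():
        f = line.split()
        proto = f[0][:3] if f else ""
        listening = proto == "tcp" and f[-1] == "LISTEN"
        unconnected = proto == "udp" and len(f) == 5 and f[4] == "*.*"  # UDP has no state
        if len(f) < 5 or not (listening or unconnected):
            continue
        addr, _, port = f[3].rpartition(".")  # FreeBSD prints address.port
        if port.isdigit():
            bound.setdefault((proto, int(port)), set()).add(addr)
    return bound

def classify(bound, proto, port):
    """How the port looks from another host: 'open', 'loopback-only' or 'closed'."""
    addrs = bound.get((proto, port))
    if not addrs:
        return "closed"  # no listener: TCP probes get a reset ("Connection refused")
    return "loopback-only" if addrs <= {"127.0.0.1", "::1"} else "open"

def report(text):
    bound = parse_netstat(text)
    status = {k: classify(bound, *k) for k in list(UNIFI_DEFAULTS) + PROBED}
    extra = sorted(k for k in bound if k[0] == "tcp" and k not in UNIFI_DEFAULTS)
    return status, extra  # extra: TCP listeners outside the default list
```

`report(SAMPLE)` returns the per-port status plus any TCP listeners that are not in the default list, which is a quick way to review what a jail actually exposes on the LAN.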