FreeNAS port issue

Hello,
does anyone know how to fix :
Error: [EFAULT] Please correct tcp(80:80) port rule as another running jail is using one of the mentioned ports.

There is no other jail using the same host port, and if I set the FreeNAS web UI to port 80 it works when accessing remotely, therefore all I want is to use 1 jail to host a website (Apache or Node.js).
Also, passing other port numbers works.

Sinisa94,

Your question is quite confusing. Could you try explaining it in a more structured way?
From what I could understand, you have the FreeNAS WebUI using port 80 and you want to run a website from within a jail using the same port and IP.

In such an environment you have quite a few things that could be done.

You could put another webserver in front of FreeNAS’ own webserver interface and do redirects with name based virtual-hosts.

You could also set up a reverse-proxy setup such that http://hostname/freenas goes to FreeNAS’ interface, http://hostname/node goes to node and so on.

Or, in a best case scenario, you could ditch IPv4 entirely. With IPv6 this wouldn’t be an issue as you could have a different address for your TrueNAS, the jails and so on.
Before people come storming in to correct me, yes, this can be done with IPv4 as well, but it’s not ideal.

Best regards,

vhns

Hmm, let me try again.
Nothing is running on host port 80.
→ I want to host a jail with Apache on that port.
I can’t forward port 80 using VNAT port forwarding; if I do, it throws an error and denies running the jail.
I want to have the webserver hosted @ http://hostname:80

Sinisa94,

Ah, much better now!

Ok, so what is happening is that you’re trying to run a jail, possibly as an underprivileged user, on a privileged port (<=1024). In that case, you can:

A: Run the jail as root. Definitely NOT recommended.

B: Set up a firewall rule such that inbound traffic on port 80 gets redirected to, for example, port 8080 with the jail listening there.

Best regards,

vhns

Nice, thanks for the help. By the way, why are ports <1024 privileged? Is there a way around it so I can use 443 as well?

I recommend enabling VNET for your jails. This gives each jail its own IP stack, allowing you to do all the fun things like pf firewalls, tunnels and such.

Using NAT can cause conflicts if you have other jails or host services already running on that port.

That’s the issue, there are no services/jails running on port 80 and it doesn’t allow me to use it :confused:

You’re likely using jails in NAT mode. Port 80 will be in use by the UI. Try enabling VNET.

They are privileged because they are classified as “well-known” ports and you should not tinker with running custom stuff in that range. You can. But you shouldn’t.

TrueNAS web gui runs on port 80 by default. Run your jail on some other port, and then proxy the service.

When you run a jail it will bind via nat to the adapter you selected as the interface. I would suggest what @DavieDavieDavie suggested.

I switched the UI to 81, to avoid conflicts in the first place :stuck_out_tongue:

Sinisa94,

As explained before, you’re gonna have to either set up a VNAT, ipfw/pf rule, run the jail as root, proxy the service, do a location proxy, resort to IPv6 or manage your own way.

By the way, being sassy to people trying to help you is counter-productive.

If you are so sure nothing is running on 80 and you have the necessary permissions to do so (you don’t as the jail error showed) try running:

ss --all

That should list all the sockets/ports currently in use. I am not sure if it is part of FreeBSD’s default toolset or if they have a tool analogous to it. You can then grep around for port 80.

Best regards,

vhns

It is kind of historical, from the days when server computers were big and had a lot of users logged into them. Since only root could use the ports below 1024, people connecting to the webserver at port 80 on solaris-1.cs.colorado.edu (made up name) could trust that port 80 was an officially blessed webserver and not a random computer science student.

These days with everyone running their own Unix server (or 2 or 4 or 17) this is not a reliable indicator of anything.

You can set the lowest privileged port, default is 1023. This sysctl allows any process to run on port number 1024 or below.

sysctl net.inet.ip.portrange.reservedhigh=0

Although, I don’t recommend it. Launch as root to get a privileged port, but drop to and run with user privileges.
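The last reply's advice (start as root to get the privileged port, then run with user privileges), as an added example that is not part of the original thread. The account name `www` and the helper names are assumptions for illustration; 1023 is the `reservedhigh` default quoted above.

```python
import os
import pwd
import socket

RESERVEDHIGH_DEFAULT = 1023  # default of net.inet.ip.portrange.reservedhigh


def is_reserved(port: int, reservedhigh: int = RESERVEDHIGH_DEFAULT) -> bool:
    """True if binding `port` needs root under the given reservedhigh value."""
    return 0 < port <= reservedhigh


def open_listener(host: str, port: int) -> socket.socket:
    """Bind and listen. Must run as root when is_reserved(port) is true."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(16)
    return sock


def drop_privileges(username: str) -> bool:
    """Permanently become `username`. Returns False when not started as root."""
    if os.geteuid() != 0:
        return False  # nothing to drop
    account = pwd.getpwnam(username)
    if account.pw_uid == 0:
        raise ValueError("target account must not be root")
    # Groups first, uid last: after setuid() the process can no longer
    # change its group membership.
    os.setgroups([account.pw_gid])
    os.setgid(account.pw_gid)
    os.setuid(account.pw_uid)
    try:
        os.setuid(0)  # must fail, otherwise the drop is reversible
    except PermissionError:
        return True
    raise RuntimeError("privilege drop did not stick")


if __name__ == "__main__":
    # Port 80 is the port from the thread; "www" is an assumed account name.
    listener = open_listener("0.0.0.0", 80)   # root is needed only for this call
    dropped = drop_privileges("www")
    print("listening on", listener.getsockname(), "dropped:", dropped,
          "uid:", os.getuid())
    conn, peer = listener.accept()             # served as the unprivileged user
    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello\n")
    conn.close()
```

The socket stays bound to port 80 after the drop, so nothing that handles a request ever runs as root.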