Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Jellyfin/Truenas/OMV cannot access internet outbound

    Firewalling
    2
    8
    537
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lindsey.w
      last edited by lindsey.w

      Since switching to pfsense jellyfin is unable to download metadata. I've exhausted the jf forum , but in any case I'm 99.913% sure it's pfsense because truenas is unable to sync repositories and OMV on the same VM can't update. Any online resources are about portforwarding, which I've done and works great.

      Automatic metadata downloads don't work, and when I manually identify media I get a blank screen:

      f88d07d4-a472-4448-9e4c-f5c4810159f1-image.png

      Meta data lookups are plain hhtp/https apparently, so presumably it's a rule blocking outbound connections? Or lack of a rule allowing it?

      Jellyfin and openmediavault are on the same proxmox VM, with OMV as the OS. I can ping 8.8.8.8 from OMV cli, but if I run apt update I get "Could not resolve 'deb'debian.org'" etc.

      My pfsense has protonvpn.

      WAN rules are:

      367aabaa-53d2-4b7e-8a1c-a0c45f244e1b-image.png

      LAN rules are:

      0a145fb1-c359-48af-a560-5a9017e26ba3-image.png

      ProtonVPN rules:

      0fa69e38-28c3-42f4-90c7-fafd772039a3-image.png

      NAT Outbound:

      da4a4253-6e6a-49f0-95be-472b8681652e-image.png

      I'm not particularly knowledgeable about this and pfsense has been fun to dig and see the learning curve ahead of me. Please be gentle. I promise I tried before coming here!

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @lindsey.w
        last edited by johnpoz

        @lindsey-w who would anything go out that vpn, when your not natting to the vpn interface?

        Also what are they using for dns? Your forcing all traffic out the gateway. Is what they are using for dns available through the vpn. Like are they using googledns or something?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        L 1 Reply Last reply Reply Quote 0
        • L
          lindsey.w @johnpoz
          last edited by

          @johnpoz Dunno, I just followed the instructions on proton's website: https://protonvpn.com/support/pfsense-2-6-x-vpn-setup/

          Everything works from desktops/phones/laptops etc. It's just this VM that isn't. Proxmox itself is able to update, so presumably getting through the firewall fine. Perhaps it's a proxmox issue?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @lindsey.w
            last edited by johnpoz

            @lindsey-w sorry but there is no way that is working. Your going out your old states would be my guess. And not sure what instructions said, but you clearly did not follow them.

            So your created an interface called protvpnau86, but your gateway is out openvpn. Which would be a road warrior setup of vpn, etc.

            I would start over..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            L 1 Reply Last reply Reply Quote 0
            • L
              lindsey.w @johnpoz
              last edited by

              @johnpoz I'm using that network to post here, so that would suggest that it is in fact working somewhat.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @lindsey.w
                last edited by johnpoz

                @lindsey-w old state - or you have your interfaces named different, and don't actually have vpn server setup?

                If your vpn connection is that protvpn interface - and your not natting to that IP, how would your traffic flow through your vpn??

                Do you have a hybrid nat above what you are showing for your outbound nat?

                here is a nat out a client vpn connection ns1vpn on my system

                vpn.jpg

                here is the client and interface assignments

                interfaces.jpg

                here is the gateway

                gateway.jpg

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                L 1 Reply Last reply Reply Quote 0
                • L
                  lindsey.w @johnpoz
                  last edited by

                  @johnpoz If I look up my public IP, its the protonvpn IP that I configured. Clearly you know vastly more than me but given that I can access the internet fine and my IP is the protonvpn IP, that tells me it's working.

                  L 1 Reply Last reply Reply Quote 0
                  • L
                    lindsey.w @lindsey.w
                    last edited by

                    @johnpoz I just reset pfsense to factory, tried to download jellyfin metadata, and it still does not work. Given that it is now a default pfsense, is there a firewall rule I need to allow jellyfin to access the web? Or is it possibly a proxmox issue?

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post