Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeNAS jail behind pfSense NAT - do NOT specify a MAC address

    Scheduled Pinned Locked Moved NAT
    3 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      claudioc
      last edited by

      Hi all:

      I'm just trying to save others the same grief I went through.

      I have had this problem with several versions of Plex Media Server running in a jail on FreeNAS 9.x (again, various versions), all behind a pfSense 2.x firewall.

      When I initially setup the jail, I noted the MAC address it reported to pfSense, added it to the jail config and made a DHCP reservation in pfSense so that the IP address would always be the same.

      Well, it turns out that this makes port forwarding, whether by a NAT entry or UPnP/NAT-PMP, impossible. The ARP entry that pfSense keeps (whether you select static ARP for the DHCP reservation or not) is wrong, I believe.

      Anyway, if you don't specify a MAC address for the jail, UPnP works fine. I didn't test how things work if you specify a static IP for the jail, as that looked like a hassle to specify DNS servers, etc.

      FWIW, YMMV, and all other relevant caveats apply.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Pretty sure you should set your FreeNAS Jail IP address in FreeNAS, not using DHCP.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • K
          kpa
          last edited by

          Jails don't have their own network adapters that could be identied in DHCP by MAC addresses, they are just chroot type environments that use the host's network stack for connectivity. To give a jail an IP address you usually set up an IP alias on the host's network adapter and then assign that IP address to the jail in the jail configuration.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.