Solved Cannot access Netdata web interface

Hi all,
I am not sure if this is the correct category so please ignore me if it isn't.
I just installed net-mgmt/netdata in a webserver jail as follow:
pkg install netdata
sysrc netdata_enable="YES"
in /usr/local/etc/netdata/netdata.conf I changed
Code:
-bind to = 127.0.0.1
+bind to = 10.47.1.13
service netdata start
ps aux | grep netdata
Code:
netdata    64871  1.7  0.9 268440 220872  -  INJ  Fri11   90:42.16 /usr/local/sbin/netdata -u netdata -P /var/db/netdata/netdata.pid
netdata    69127  0.0  0.0  14908   2608  -  SNJ  11:08    0:03.23 /usr/local/libexec/netdata/plugins.d/apps.plugin 1
root       44818  0.0  0.0  14828   2012  0  R+J  13:29    0:00.00 grep netdata

In my /etc/pf.conf I added the following:
Code:
webjail1    = "10.47.1.13"
rdr on $ExtIf inet proto udp from  !($ExtIf) to $www_ext port 19999 -> $webjail1 port  19999
When I got to the http://webjailIP:1999 I get a blank screen.
Code:
The connection has timed out

I know Netdata is working because I keep getting email alert about low ram etc.. I simply cannot access the web interface.
Have I missed a pf rule?
 
Never used Netdata but I'm sure it creates a log file somewhere.
 
/var/log/netdata/error.log
Code:
2018-09-17 15:37:08: netdata INFO  : MAIN : resources control: allowed file descriptors: soft = 706392, max = 706392
2018-09-17 15:37:08: netdata ERROR : MAIN : Out-Of-Memory (OOM) score setting is not supported on this system. (errno 2, No such file or directory)
2018-09-17 15:37:08: netdata ERROR : MAIN : Cannot adjust netdata scheduling policy to nice (2), with priority 0. Falling back to nice. (errno 1, Operation not permitted)
2018-09-17 15:37:08: netdata INFO  : MAIN : netdata started on pid 96279.
2018-09-17 15:37:08: netdata INFO  : MAIN : Host 'mydomain.com' (at registry as 'mydomain.com') with guid '42524086-b802-11e8-b2d5-f04da201ecf6' initialized, os 'freebsd', timezone 'BST', tags '', program_name 'netdata', program_version '1.10.0', update every 1, memory mode save, history entries 86940, streaming disabled (to '' with api key ''), health enabled, cache_dir '/var/cache/netdata', varlib_dir '/var/db/netdata', health_log '/var/db/netdata/health/health-log.db', alarms default handler '/usr/local/libexec/netdata/plugins.d/alarm-notify.sh', alarms default recipient 'root'
2018-09-17 15:37:08: netdata INFO  : PLUGINSD : thread created with task id 102892
2018-09-17 15:37:08: netdata INFO  : PLUGIN[freebsd] : thread created with task id 102884
2018-09-17 15:37:08: netdata INFO  : PLUGIN[idlejitter] : thread created with task id 102887
2018-09-17 15:37:08: netdata INFO  : HEALTH : thread created with task id 102891
2018-09-17 15:37:08: netdata INFO  : BACKENDS : thread created with task id 102889
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[python.d] : thread created with task id 102923
2018-09-17 15:37:08: netdata INFO  : MAIN : netdata initialization completed. Enjoy real-time performance monitoring!
2018-09-17 15:37:08: netdata INFO  : STATSD : thread created with task id 102902
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[apps] : thread created with task id 102910
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static1] : thread created with task id 102894
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[node.d] : thread created with task id 102936
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[fping] : thread created with task id 102939
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[charts.d] : thread created with task id 102942
2018-09-17 15:37:08: netdata ERROR : PLUGINSD : cannot open plugins directory '/usr/local/etc/netdata/custom-plugins.d' (errno 2, No such file or directory)
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[python.d] : connected to '/usr/local/libexec/netdata/plugins.d/python.d.plugin' running on pid 3843
2018-09-17 15:37:08: netdata INFO  : BACKENDS : cleaning up...
2018-09-17 15:37:08: netdata INFO  : BACKENDS : thread with task id 102889 finished
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[apps] : connected to '/usr/local/libexec/netdata/plugins.d/apps.plugin' running on pid 19630
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static1] : starting worker 2
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static1] : starting worker 3
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static2] : thread created with task id 100306
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static2] : POLLFD: LISTENER: listening on 'tcp:10.44.1.17:19999'
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static1] : starting worker 4
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static1] : starting worker 5
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static3] : thread created with task id 102946
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static1] : starting worker 6
2018-09-17 15:37:08: netdata ERROR : STATSD : LISTENER: IPv6 socket() on ip '::1' port 8125, socktype 2, failed. (errno 43, Protocol not supported)
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static4] : thread created with task id 102948
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static3] : POLLFD: LISTENER: listening on 'tcp:10.44.1.17:19999'
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static5] : thread created with task id 102962
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static6] : thread created with task id 102964
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static4] : POLLFD: LISTENER: listening on 'tcp:10.44.1.17:19999'
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static1] : POLLFD: LISTENER: listening on 'tcp:10.44.1.17:19999'
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static6] : POLLFD: LISTENER: listening on 'tcp:10.44.1.17:19999'
2018-09-17 15:37:08: netdata INFO  : WEB_SERVER[static5] : POLLFD: LISTENER: listening on 'tcp:10.44.1.17:19999'
2018-09-17 15:37:08: netdata ERROR : STATSD : LISTENER: Cannot bind to ip '::1', port 8125
2018-09-17 15:37:08: netdata ERROR : STATSD : LISTENER: IPv6 socket() on ip '::1' port 8125, socktype 1, failed. (errno 43, Protocol not supported)
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[fping] : connected to '/usr/local/libexec/netdata/plugins.d/fping.plugin' running on pid 28623
2018-09-17 15:37:08: netdata ERROR : STATSD : LISTENER: Cannot bind to ip '::1', port 8125
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[node.d] : connected to '/usr/local/libexec/netdata/plugins.d/node.d.plugin' running on pid 26650
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[charts.d] : connected to '/usr/local/libexec/netdata/plugins.d/charts.d.plugin' running on pid 31893
2018-09-17 15:37:08: netdata INFO  : STATSD : LISTENER: Listen socket udp:127.0.0.1:8125 opened successfully.
2018-09-17 15:37:08: netdata INFO  : STATSD : LISTENER: Listen socket tcp:127.0.0.1:8125 opened successfully.
2018-09-17 15:37:08: netdata INFO  : STATSD_COLLECTOR[1] : thread created with task id 102965
2018-09-17 15:37:08: netdata INFO  : STATSD_COLLECTOR[1] : STATSD collector thread started with taskid 102965
2018-09-17 15:37:08: netdata INFO  : STATSD_COLLECTOR[1] : POLLFD: LISTENER: listening on 'udp:127.0.0.1:8125'
2018-09-17 15:37:08: netdata INFO  : STATSD_COLLECTOR[1] : POLLFD: LISTENER: listening on 'tcp:127.0.0.1:8125'
2018-09-17 15:37:08: apps.plugin ERROR : MAIN : apps.plugin should either run as root (now running with uid 302, euid 302) or have special capabilities. Without these, apps.plugin cannot report disk I/O utilization of other processes. Your system does not support capabilities. To enable setuid to root run: sudo chown root /usr/local/libexec/netdata/plugins.d/apps.plugin; sudo chmod 4755 /usr/local/libexec/netdata/plugins.d/apps.plugin;  (errno 2, No such file or directory)
2018-09-17 15:37:08: apps.plugin INFO  : MAIN : started on pid 19630
/usr/local/libexec/netdata/plugins.d/python.d.plugin: line 3: exec: ERROR python IS NOT AVAILABLE IN THIS SYSTEM: not found
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[python.d] : read failed
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[python.d] : '/usr/local/libexec/netdata/plugins.d/python.d.plugin' (pid 3843) disconnected after 0 successful data collections (ENDs).
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[python.d] : child pid 3843 exited with code 127.
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[python.d] : '/usr/local/libexec/netdata/plugins.d/python.d.plugin' (pid 3843) exited with error code 127. Disabling it.
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[python.d] : thread with task id 102923 finished
/usr/local/libexec/netdata/plugins.d/node.d.plugin: line 2: exec: ERROR node.js IS NOT AVAILABLE IN THIS SYSTEM: not found
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[node.d] : read failed
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[node.d] : '/usr/local/libexec/netdata/plugins.d/node.d.plugin' (pid 26650) disconnected after 0 successful data collections (ENDs).
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[node.d] : child pid 26650 exited with code 127.
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[node.d] : '/usr/local/libexec/netdata/plugins.d/node.d.plugin' (pid 26650) exited with error code 127. Disabling it.
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[node.d] : thread with task id 102936 finished
2018-09-17 15:37:08: fping.plugin: FATAL: no hosts configured in '/usr/local/etc/netdata/fping.conf' - nothing to do.
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[fping] : called DISABLE. Disabling it.
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[fping] : '/usr/local/libexec/netdata/plugins.d/fping.plugin' (pid 28623) disconnected after 0 successful data collections (ENDs).
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[fping] : child pid 28623 exited with code 1.
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[fping] : '/usr/local/libexec/netdata/plugins.d/fping.plugin' (pid 28623) exited with error code 1. Disabling it.
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[fping] : thread with task id 102939 finished
2018-09-17 15:37:08: charts.d: INFO: main: started from '/usr/local/libexec/netdata/plugins.d/charts.d.plugin' with options: 1
/usr/local/libexec/netdata/plugins.d/loopsleepms.sh.inc: line 36: /proc/uptime: No such file or directory
/usr/local/libexec/netdata/plugins.d/charts.d.plugin: Cannot read /proc/uptime - falling back to current_time_ms_from_date().
/usr/local/libexec/netdata/plugins.d/charts.d.plugin: Invalid setup for current_time_ms_from_uptime() - falling back to current_time_ms_from_date().
2018-09-17 15:37:08: charts.d: INFO: apache: is disabled. Add a line with apache=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: cpu_apps: is disabled. Add a line with cpu_apps=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: cpufreq: is disabled. Add a line with cpufreq=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: example: is disabled. Add a line with example=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: exim: is disabled. Add a line with exim=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: hddtemp: is disabled. Add a line with hddtemp=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: load_average: is disabled. Add a line with load_average=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: mem_apps: is disabled. Add a line with mem_apps=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: mysql: is disabled. Add a line with mysql=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: nginx: is disabled. Add a line with nginx=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: phpfpm: is disabled. Add a line with phpfpm=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: postfix: is disabled. Add a line with postfix=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: sensors: is disabled. Add a line with sensors=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: squid: is disabled. Add a line with squid=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: INFO: tomcat: is disabled. Add a line with tomcat=force in /usr/local/etc/netdata/charts.d.conf to enable it (or remove the line that disables it).
2018-09-17 15:37:08: charts.d: WARNING: ap: command 'iw' is not found in /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin://bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin.
2018-09-17 15:37:08: charts.d: ERROR: ap: module's 'ap' check() function reports failure.
2018-09-17 15:37:08: charts.d: WARNING: apcupsd: command 'apcaccess' is not found in /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin://bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin.
2018-09-17 15:37:08: charts.d: ERROR: apcupsd: module's 'apcupsd' check() function reports failure.
2018-09-17 15:37:08: charts.d: WARNING: libreswan: command 'ipsec' is not found in /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin://bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin.
2018-09-17 15:37:08: charts.d: ERROR: libreswan: module's 'libreswan' check() function reports failure.
2018-09-17 15:37:08: charts.d: WARNING: nut: command 'upsc' is not found in /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin://bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin.
2018-09-17 15:37:08: charts.d: ERROR: nut: module's 'nut' check() function reports failure.
2018-09-17 15:37:08: charts.d: WARNING: opensips: command 'opensipsctl' is not found in /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin://bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin.
2018-09-17 15:37:08: charts.d: ERROR: opensips: module's 'opensips' check() function reports failure.
2018-09-17 15:37:08: charts.d: FATAL: main: No charts to collect data from.
2018-09-17 15:37:08: netdata INFO  : PLUGINSD[charts.d] : called DISABLE. Disabling it.
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[charts.d] : '/usr/local/libexec/netdata/plugins.d/charts.d.plugin' (pid 31893) disconnected after 0 successful data collections (ENDs).
2018-09-17 15:37:08: netdata ERROR : PLUGINSD[charts.d] : '/usr/local/libexec/netdata/plugins.d/charts.d.plugin' (pid 31893) does not generate useful output but it reports success (exits with 0). Will not start it again - it is now disabled..
2018-09-17 15:37:09: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : FREEBSD: sysctl(dev.cpu.0.temperature...) failed: No such file or directory (errno 2, No such file or directory)
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: cpu.temperature chart
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: dev.cpu.temperature module
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : FREEBSD: sysctl(dev.cpu.0.freq...) failed: No such file or directory (errno 2, No such file or directory)
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: cpu.scaling_cur_freq chart
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: dev.cpu.0.freq module
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : FREEBSD: can't get socket for ipfw configuration (errno 1, Operation not permitted)
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : FREEBSD: run netdata as root to get access to ipfw data
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: ipfw.packets chart
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: ipfw.bytes chart
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: ipfw.dyn_active chart
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: ipfw.dyn_expired chart
2018-09-17 15:37:09: netdata ERROR : PLUGIN[freebsd] : DISABLED: ipfw.mem chart
2018-09-17 15:37:09: netdata INFO  : PLUGIN[freebsd] : File /var/cache/netdata/netdata.compression_ratio/savings.db is too old (last collected 1537195029 seconds ago, but the database is 86940 seconds). Clearing it.
2018-09-17 15:37:10: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:11: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:12: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:13: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:14: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:15: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:16: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:17: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:18: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
usage: date [-jnRu] [-d dst] [-r seconds] [-t west] [-v[+|-]val[ymwdHMS]] ...
            [-f fmt date | [[[[[cc]yy]mm]dd]HH]MM[.ss]] [+format]
2018-09-17 15:37:18: netdata INFO  : PLUGINSD[charts.d] : thread with task id 102942 finished
2018-09-17 15:37:19: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:19: alarm-notify.sh: INFO: sent email notification for: mydomain.com system.ram.ram_in_use is WARNING to 'root'
2018-09-17 15:37:20: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:21: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:22: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:23: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:24: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:25: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:26: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:27: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:28: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:29: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:30: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:31: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:32: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:33: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:34: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:35: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:36: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:37: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:38: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:39: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:40: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:41: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:42: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:43: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:44: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:45: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:46: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:47: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:48: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:49: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:50: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:51: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:52: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:53: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:54: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:55: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:56: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:57: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:58: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:37:59: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:00: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:01: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:02: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:03: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:04: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:05: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:06: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:07: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:08: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:09: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:10: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:11: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:12: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:13: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:14: apps.plugin ERROR : MAIN : pid 96279 netdata states parent 1, but the later does not exist.
2018-09-17 15:38:47: apps.plugin Too many logs (101 logs in 99 seconds, threshold is set to 100 logs in 3600 seconds). Preventing more logs from process 'apps.plugin' for 3501 seconds.
usage: date [-jnRu] [-d dst] [-r seconds] [-t west] [-v[+|-]val[ymwdHMS]] ...
            [-f fmt date | [[[[[cc]yy]mm]dd]HH]MM[.ss]] [+format]
2018-09-17 15:38:50: alarm-notify.sh: INFO: sent email notification for: mydomain.com system.ram.ram_available is WARNING to 'root'
usage: date [-jnRu] [-d dst] [-r seconds] [-t west] [-v[+|-]val[ymwdHMS]] ...
            [-f fmt date | [[[[[cc]yy]mm]dd]HH]MM[.ss]] [+format]
2018-09-17 15:39:39: alarm-notify.sh: INFO: sent email notification for: mydomain.com system.ram.ram_in_use is CRITICAL to 'root'
usage: date [-jnRu] [-d dst] [-r seconds] [-t west] [-v[+|-]val[ymwdHMS]] ...
            [-f fmt date | [[[[[cc]yy]mm]dd]HH]MM[.ss]] [+format]
2018-09-17 16:00:42: alarm-notify.sh: INFO: sent email notification for: mydomain.com system.ram.ram_available is CLEAR to 'root'
I am not sure if I should delete log so it can read it or if the issue is at the first line 'Out-Of-Memory (OOM) score setting is not supported on this system.'
 
Hi,
Could someone please tell me if my issue is pf or config related so I know which direction to look, please?
 
This begs the question, where did you put that pf.conf you posted?

And I see some mentioning of jails, is this in a jail? How's the jail configured? How's the host configured?

(The redirection rule looks wrong in any case, HTTP typically uses TCP not UDP.)
 
SirDice is right. I just saw it now. Unless it is a typo...

Code:
rdr on $ExtIf inet proto udp from  !($ExtIf) to $www_ext port 19999 -> $webjail1 port  19999

That should be TCP and not UDP
 
Hi guys, thank you for the input.
You are right, I wrongly copied the line and forgot to change it to TCP. I corrected it and the issue is still the same .
My /etc/pf.conf is located on the FreeBSD host and the full file is bellow
Code:
ExtIf    = "lagg0"
Jail_net = "10.47.1.0/24"

www_int   = "10.47.1.11"
www_ext   = "194.12.xx.xxx"
sophimail = "194.12.xx.xxx"
ext       = "194.12.xx.xxx"

# --- jails ---
nginx         = "10.47.1.11"
unifi         = "10.47.1.12"
webjail       = "10.47.1.14"
colocation    = "10.47.1.15"

webservices = "{80, 443}"
unifiservices = "{8080, 8443, 8843, 8880, 8080}"
mailservices = "{25, 993, 995, 465, 143, 587}"
netbios_tcp = "{135, 139, 445}"
netbios_udp = "{135, 139, 445}"
IPv4_icmp_types = "{ echoreq, unreach }"

table <TRUSTED> persist file "/etc/pf-files/trusted.pftable"
table <BANNEDZONE> persist file "/etc/pf-files/bannedzones.pftable"


### all incoming traffic on external interface is normalized and fragmented
### packets are reassembled.
scrub in on $ExtIf all fragment reassemble

nat on $ExtIf from $Jail_net to !$Jail_net -> 194.12.xx.xxx

# Reverse Proxy
# --- redirect http traffic to the internal web proxy server ---
rdr on $ExtIf inet proto tcp from  !($ExtIf) to $www_ext port http  -> $www_int port  http
rdr on $ExtIf inet proto tcp from  !($ExtIf) to $www_ext port https -> $www_int port  https

# Unifi Controler
# --- redirect unifi controler traffic to the unifi jail server ---
rdr on $ExtIf inet proto tcp from  !($ExtIf) to $www_ext port 8080  -> $unifi port  8080
rdr on $ExtIf inet proto tcp from  !($ExtIf) to $www_ext port 8443  -> $unifi port  8443
rdr on $ExtIf inet proto tcp from  !($ExtIf) to $www_ext port 8843  -> $unifi port  8843
rdr on $ExtIf inet proto tcp from  !($ExtIf) to $www_ext port 8880  -> $unifi port  8880
rdr on $ExtIf inet proto udp from  !($ExtIf) to $www_ext port 8080  -> $unifi port  8080

# Netdata
# --- redirect Netdata to the internal webjail server ---
rdr on $ExtIf inet proto tcp from  !($ExtIf) to $www_ext port 19999 -> $webjail port  19999

# Anchors
rdr-anchor "openvpn"

rdr on $ExtIf inet proto tcp from !($ExtIf) to $ext port 1124 -> $nginx        port 22
rdr on $ExtIf inet proto tcp from !($ExtIf) to $ext port 1125 -> $unifi        port 22
rdr on $ExtIf inet proto tcp from !($ExtIf) to $ext port 1126 -> $colocation   port 22
rdr on $ExtIf inet proto tcp from !($ExtIf) to $ext port 1127 -> $webjail      port 22


### set a default deny everything policy.
block log all

### exercise antispoofing on the external interface, but add the local
### loopback interface as an exception, to prevent services utilizing the
### local loop from being blocked accidentally.
set skip on lo

antispoof for $ExtIf inet

### get rid quick of Internet noise like microsoft netbios service.
### This accounts to 80% of dropped traffic. We don't need to log this also
block in quick on $ExtIf proto tcp from any to any port $netbios_tcp
block in quick on $ExtIf proto udp from any to any port $netbios_udp

anchor "openvpn"

### Quick blocks
#block drop in log quick on $ExtIf from <BLOCKTEMP> to any
block drop in log quick on $ExtIf proto tcp from <BANNEDZONE> to any


### $ExtIf inbound

pass in log on $ExtIf inet proto tcp from 91.203.xx.xxx to $sophimail port 22
pass in log on $ExtIf inet proto tcp from 208.95.xx.xxx to any port 10050

# --- pass icmp echo
pass in log on $ExtIf inet proto icmp all icmp-type $IPv4_icmp_types

# --- pass incoming http/https traffic --
pass in log on $ExtIf inet proto tcp  from !($ExtIf)    to $www_int port $webservices
pass in log on $ExtIf inet proto tcp  from !($ExtIf)    to $ubiquiti port $unifiservices

# --- pass incoming ssh traffic --
pass in quick log on $ExtIf proto tcp from <TRUSTED> to $ExtIf          port 22222
#pass in quick log on $ExtIf proto tcp from any to $ExtIf               port 22222
pass in quick log on $ExtIf proto tcp from !($ExtIf) to $nginx          port 22
pass in quick log on $ExtIf proto tcp from !($ExtIf) to $unifi            port 22
pass in quick log on $ExtIf proto tcp from !($ExtIf) to $colocation     port 22
pass in quick log on $ExtIf proto tcp from !($ExtIf) to $webjail         port 22


# --- pass incoming ftp traffic ---
#pass in log on $ExtIf inet proto tcp  from !($ExtIf) to $ftp_int port 21
#pass in log on $ExtIf inet proto tcp  from !($ExtIf) to $ftp_int port 49000:51000

# --- pass incoming mail traffic ---
pass in log on $ExtIf inet proto tcp from any to $sophimail port $mailservices
pass in log on $ExtIf inet proto tcp from any to $sophimail port $webservices

### $ExtIf outbound
pass out log on $ExtIf inet proto { tcp, udp, icmp } from any to any modulate state
The webserver i am trying to monitor is indeed a jail build using /sysutils/cbsd.
not sure what info you need regarding the jail? It is server a live website that has been running fir 1 year. It also send email alert about netdata.

SirDice could you please move this to the correct category if not pf related?
gkontos nice to hear from you again :)
 
The easiest way to rule out if it is a firewall issue is to perform a #telnet <jailIP> 19999 from the host and see if you get a response.
 
Ok, so you need to connect to the external address of the host, not the internal address of the webjail. I assume you're testing this with a browser on your workstation, not the host itself.
 
From the Host...
telnet 10.47.1.14 19999
Code:
Trying 10.47.1.17...
Connected to 10.47.1.17.
Escape character is '^]'.
So does this mean pf is redirecting correctly and my issue is with the netdata config file?
 
So does this mean pf is redirecting correctly and my issue is with the netdata config file?
No, this bypasses PF because you're on the host itself and are connecting directly to the jail. This test ensures there's actually something running/listening on the jail. If this would fail everything else would fail too.
 
From the office...
Code:
telnet 194.12.xx.xxx 19999
Trying 194.12.xx.xxx...
telnet: Unable to connect to remote host: Resource temporarily unavailable
 
So the test show host to jail on 19999 is ok but not from outside work..
I am assuming issue with my pf rule
 
In that case the only way to solve your problem is to make sure that logging is enabled in all your rules and run a tcpdump on pflog. More info here.
 
I think I found your problem, you only have the NAT in place but not the actual rule that permits the traffic:

Code:
pass in log on $ExtIf inet proto tcp  from !($ExtIf)  to $webjail port  19999
 
Back
Top