I'm not sure what you mean by "adding a second virtual interface to my router" (because I have many VLANs), and if you're telling me that I need to create a static route table on FreeNAS that tells vlan10 (10.0.2.x) how to get to the internet by going through the admin interface (10.0.1.x), then you are not understanding what I am asking.
This is not what I am saying. I am saying that if 10.0.1.1 is your border router, you need to tell your jails how to reach it, otherwise you are obviously going to lose internet access from your jails. This information is something that your jails cannot pick up for free; you need to specify this. One way to do this, as I said, would be to configure a static route. This way, packets from your jails would flow over VLAN10 (and the relative physical NICs and cables), reach your VLAN10 gateway, and from there flow over the trunk to the border router.
This, by the way, does not mean that your jails will be "using your admin interface". You have configured trunking, so packets will be tagged with the correct VLAN number while going over the wire already and are thus kept separate from each other. What you need is a way to tell your router how to route a packet coming from the 10.0.2.0 network to the 10.0.1.1 gateway to access the internet. If the router is configured with an IP address on both networks, you would get this for free.
By adding a second interface I meant that you could configure your router with an interface on the 10.0.2.0 network, with IP address 10.2.0.1 acting as the default gateway for your VLAN 10. On Cisco equipment you would call this a subinterface. You would then set the default route of your jails to this IP address and you could avoid adding a static route to 10.0.1.1 because both networks would be connected for the router.
On a more practical level, just to try and clear some confusion here: what happens when you ping 10.0.2.1? Is that a machine? Is that an interface on the router? Do you get a reply when you ping this?
- router is set up where 10.0.1.x is the native vlan subnet and 10.0.2.x is vlan10
- I'm using a Fortigate 60c router connected to the Netgear switch via trunked line
- Netgear switch connects to FreeNAS box using 2 trunked lines and a normal ethernet line for admin purposes
- the FreeNAS box has 7 NICs - 4 are set up as lagg0, 2 are set up as lagg1 (vlan10 / 10.0.2.x passes over this) and 1 is the embedded motherboard NIC which is used for FreeNAS admin (vlan1 / 10.0.1.x)
- both my laggs are lacp
- vlan1 is used for administration of all network devices - vlan10 is for my personal, family traffic: plexmedia, owncloud, etc
- I am looking to pass vlan10 traffic to my two jails over the lagg vlan10 comes in on. vlan1 should not pass any vlan10 data.
- should I be using VIMAGE and if so, how do I bind it to my vlan interface in FreeNAS?
With regards to point 7: using VIMAGE (from the docs) it looks like enabling it would allow you to configure several different settings, including default gateway for the jails, which is one of the things you need to do here. So yes, I would recommend trying with VIMAGE enabled.
http://www.freebsdonline.com/content/view/742/524/
setfib
this would work perfectly ... has anyone tried this with FreeNAS or does FreeNAS use something similar? I'm now considering maybe I should wipe this machine clean and do a regular setup of FreeBSD 9.3, building a custom kernel.
Never personally tried setfib before but this is exactly what I have been trying to say until now lol. I seemed to remember that using defaultroute would be enough, but if you want to try this other way I suppose it won't hurt.
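An added illustration, not part of any post in this thread: a small Python model of the per-jail routing table idea discussed above (a separate table with its own default route, as with setfib or a VIMAGE jail). The tables are constructed from the thread's addressing; the interface names `em0` and `vlan10`, the use of 10.0.2.1 as the VLAN10 gateway, and the test destination 203.0.113.10 are assumptions.

```python
import ipaddress

def lookup(fib, dst):
    """Longest-prefix match. Returns (next_hop, interface), or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])

def egress_interfaces(fib, destinations):
    """Interfaces this table would send any of the given destinations out of."""
    hits = (lookup(fib, d) for d in destinations)
    return {hit[1] for hit in hits if hit is not None}

# Constructed tables. next_hop None means "directly connected".
# Host table: admin NIC on VLAN1 with the border router as default gateway.
FIB_ADMIN = [
    ("10.0.1.0/24", None, "em0"),
    ("0.0.0.0/0", "10.0.1.1", "em0"),
]
# Jail table with only the connected VLAN10 subnet: no route off-net.
JAIL_CONNECTED_ONLY = [("10.0.2.0/24", None, "vlan10")]
# Jail table with its own default route via the assumed VLAN10 gateway.
FIB_JAIL = JAIL_CONNECTED_ONLY + [("0.0.0.0/0", "10.0.2.1", "vlan10")]

# Constructed destinations: a VLAN10 host, the border router, an internet host.
SAMPLE_DESTS = ["10.0.2.50", "10.0.1.1", "203.0.113.10"]

if __name__ == "__main__":
    tables = [("admin", FIB_ADMIN), ("jail, connected only", JAIL_CONNECTED_ONLY),
              ("jail, own default", FIB_JAIL)]
    for name, fib in tables:
        for dst in SAMPLE_DESTS:
            print(f"{name:22} {dst:14} -> {lookup(fib, dst)}")
        # Segmentation check: jail tables must never egress the admin NIC.
        print(f"{name:22} egress: {egress_interfaces(fib, SAMPLE_DESTS)}")
```
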