Thanx,
What I learned from today’s discussion is that my expectations of the goal and abilities of FreeNAS VLANs were completely wrong :(
I think that, in this context, a VLAN can only be used to communicate with computers in the same subnet, otherwise it will be routed via the FreeNAS default gateway. The FreeNAS VLAN definition is not just an endpoint of a VLAN, it is a routing gateway as well.
So the VLAN function is a point-to-point connection to another computer in the same subnet, but cannot be used to communicate with a computer with an IP address not belonging to the VLAN subnet, at least not without NAT.
That is a pity, but I understand Heracles's remark earlier in the discussion now. So I need to do NAT on pfSense or on the CRS317 (I do think pfSense; the CRS has dramatically bad routing performance).
So my actual conclusions are:
- The Management VLAN gateway should also be the FreeNAS default gateway.
- The other VLANs should not(!) carry any IP address outside the VLAN’s subnet, so they will never generate (L3) routed traffic.
- To achieve that, a routing device like e.g. pfSense should NAT traffic into the VLAN’s subnet ranges.
How to do that exactly, TBD.
Thanks Heracles! I really was hoping for more/other functionality, but I am very glad I understand now (I think)
Louis