Arun Gupta
I am running TrueNAS-12.0-U2.1. I created a basejail release 12.2. I enabled VNET and BPF and assigned a static IP. After creating the jail, I found that I cannot ping the jail IP from my local network, nor can the jail ping any IP on my local network. The jail cannot access the internet. Here are the things that I tested:
a) Change jail to NAT. It works fine. From within the jail, I can ping all IPs on my local network and can connect to internet.
b) Disable both VNET and BPF. Jail works fine. I can ping the jail IP from my local network; from within the jail, I can ping all IPs on my local network and can connect to the internet.
c) Change jail to DHCP. It obtains IP address from DHCP server, but same problem. No pinging the jail IP from local network, from within jail, cannot ping any local network IP, no internet access.
d) If I disable VNET and just enable BPF, jail cannot start. It says that BPF needs VNET.
I also noticed that when I created the jail with VNET and BPF enabled, in the jail, the network interface epair0b is assigned the static IP. On the host side, there is a vnet0.n interface which shows as "associated with jail: testj as nic: epair0b" and bridge0 has members em0 and vnet0.n. In the vnet0.n interface, n keeps incrementing every time I restart the jail.
When VNET and BPF are disabled, in the jail, there is one NIC em0 and a bridge0. NIC em0 is a member of bridge0. On the host side, there is no vnet0.n interface and bridge0 has just one member: em0 (the host NIC).
So, it seems that with VNET and BPF enabled, the jail NIC is just bridged to the host NIC via bridge0 and does not appear as an independent machine on the local network. From within the jail shell, I started a ping of a local network IP address and looked for ICMP packets on the host side using
tcpdump -i bridge0 -v 'ip proto \icmp'
tcpdump -i vnet0.28 -v 'ip proto \icmp'
Not a single ICMP packet is reaching any of these interfaces from within the jail.
Is there a way to make a basejail work with VNET and BPF enabled? If someone has a working setup, can you please share some details of how it worked? I have spent more than two days deleting and recreating the jails and trying various options and read tens of forum threads but found nothing of value. Till yesterday, I was testing on FreeNAS 11.3 U5 and had the same problem. Then yesterday I upgraded to TrueNAS 12 hoping that things would work, but no luck.
I have just one NIC on the TrueNAS host and all local network is on 192.168.250.0 network.
Thanks...