Can't create a bridge for VMs

[asier_paz]

Show : My TrueNAS CORE system

Version: TrueNAS-13.0-U5.1
CPU: Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz
RAM: 128GB DDR4 ECC
Drives: 2x 4 TB HDD + 1x 512GB NVMe SSD
Network: 1x Intel I210 Gigabit

Interfaces:
- igb0: The main interface (physical) configured with a static IP

Hello everyone.

I am using TrueNAS CORE for the first time on a Hetzner server. I have the main interface configured with a static ip (the public IP of the server) and I spent the last two days trying to create a bridge interface for my VMs to have internet access with no avail. I followed all the guides I found about it and the usual steps don't seem to work for me. Might be because of my limited knowledge about networking.

When I try to follow the steps where you remove the static IP alias from the main interface and then create the bridge adding the static IP and the main interface as a bridge member, when I click on "Test changes" I just can't access the UI for the 60 seconds of the test and ends up reverting the changes.

If I access the server with a KVM (it is remote) during the "Test changes" I can see with ifconfig that the main interface doesn't show the static IP anymore and the newly created bridge interface appears correctly with the static IP.

Sorry for the trouble and thanks in advance. Let me know if you need more info.

 

[Patrick M. Hausen]

Leave a permanent "ping" of the TrueNAS running in some terminal window on your desktop PC/whatever. Increase the timeout before clicking "Test changes" to something like 300.

Or clear your dekstop system's ARP cache after clicking "Test changes".

 

[asier_paz]

Leave a permanent "ping" of the TrueNAS running in some terminal window on your desktop PC/whatever. Increase the timeout before clicking "Test changes" to something like 300.

Or clear your dekstop system's ARP cache after clicking "Test changes".

Thanks for the reply. Unfortunantely none of the suggestions worked. I already tried with higher test timeouts before. I tried this time with the cache clearing but still nothing.

I'm in Manjaro and this is what I used to clear ARP and DNS cache:

Code:

arp -n \
  && ip -s -s neigh flush all \
  && arp -n \
  && systemd-resolve --flush-caches

The infinite pinging also stops when testing changes. I also tried to stay connected over SSH but I lost the session. So it doesn't seem to work.

Just to add more info, I am trying to use the public IP the server has because I want VMs to be reachable, since I plan to host some personal web services and stuff.

 

[asier_paz]

Seems like I cannot edit a previous message.

I just wanted to add that something weird happens some times. It happened to me twice in the last tries.

When I use the "test changes", sometimes I still cannot access to the web interface or ping or ssh to the server. I tried clearing the ARP and DNS caches, different browsers and even tried with my phone disconnected from the wifi and using mobile data just in case it was something local.

I have a KVM connected to the server and I can see the TrueNAS CORE screen with the network changes reverted to the original ones. I know it is reverted because my main interface has a static IPv4 + IPv6, but when I am trying to setup the bridge I'm only including the IPv4 for now. Also I saw the same screen before while the "test changes" was running and during that time the IPv6 wasn't there.

Here's a pic:

 

[asier_paz]

I'm really sorry. I meant that I sometimes cannot access the web UI/ping/ssh after the "test changes" timeout should be well passed.

 

[Patrick M. Hausen]

You have public IP addresses on your TrueNAS management interface? Is this system reachable over the Internet? If yes, don't. TrueNAS is not built with this grade of security in mind. It should be operated in trusted networks only.

 

[asier_paz]

Yes I do. What if I place a vpn or a firewall in front of TrueNAS?

 

[Patrick M. Hausen]

That would be recommended if you do not want to attract all sorts of illustre guests.

Are you trying to move the IP address from physical to bridge from a management system connected to that public network or remotely? In the latter case you would need to clear the router's ARP cache, not the one of your management station.

Last, you can force the bridge interface to use the same MAC address as the first member added. Create a tunable (System > Tunables):

Name: net.link.bridge.inherit_mac
Value: 1
Type: sysctl

and reboot. Then try the move - test dance again.

 

[victort]

I usually first create the bridge and set it to DHCP.

Once it picks up an IP, I remove the IP from the main interface and set a static one on the bridge.

This ends up being two separate steps.

 

[asier_paz]

Sorry for making you wait. After all I cannot make it work. So I started fresh with another OS where I am setting up a VPN and I'm planning to run TrueNAS CORE inside a KVM VM. I'm just fiddling with all of this. I guess that if I passtrhough the drives, performance shouldn't be an issue.

I'll keep you posted.

 

[Patrick M. Hausen]

If you run TrueNAS inside a hypervisor, you must pass through an entire HBA. Pass through of single drives is a recipe for desaster.

Please read: https://www.truenas.com/community/r...guide-to-not-completely-losing-your-data.212/