Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Force Jails To Use Alternate NIC

Steven Wormuth

FreeNAS Experienced
Joined
May 2, 2017
Messages
115
Thanks
10
#1
Good day,

I purchased a second NIC and installed it into my FreeNAS system. The card is recognized, and "netstat -i" shows a new interface "em0" in the list. I currently have multiple jails working perfectly. The FreeNAS is running on xxx.xxx.1.100. Jails running on xxx.xxx.1.110, 111,112, etc... The purpose of the second NIC is to move these jails off to a different network. Ideally, I'd like the second NIC to be assigned something like xxx.xxx.2.100, and the jails to move to xxx.xxx.2.110, 111, 112, etc...

So how should one accomplish this?

Right now, if I connect a cable to the new NIC, the router will assign the IP xxx.xxx.2.100 and I can no longer access any of the jails on their original IP addresses. Even if I change the jail IP's to what I want them to be in the GUI, I can't get to the jails any more. I really need some step-by-step help on what changes to make.

Thanks for any help you can offer!
 

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,284
Thanks
322
#2
If you want your jails on a NIC that's on a new subnet, you can't network them to the old subnet with a cable to the same switch (unless you configured VLANS on the switch and use the assigned ports) without a router between the subnets.

How were you planning to connect the subnets?

Code:
                                          Other Client(s)
Lan 1 x.x.1.0/24 --|----------------------------|---------------------------|-----

                   Freenas                                                 Router

Lan 2 x.x.2.0/24  --|-----------|-------|---------|---------------------------|-----
                              Jail1   Jail2     Jail3..
 
Last edited:

Steven Wormuth

FreeNAS Experienced
Joined
May 2, 2017
Messages
115
Thanks
10
#3
Hi there,

I have a PFSense router with multiple interfaces. One interface is specifically for FreeNAS, with a cable from its interface in PFsense to the FreeNAS box, and a static IP for the FreeNAS NIC. FreeNAS gets it's internet on this interface.

Another interface in PFSense is for all the automation in the house. From that interface on the PFSense NIC, I have a physical cable to a wireless access point in bridge mode so IP's are assigned by PFSense to anything home automation that connects wirelessly. I need this second FreeNAS NIC to connect to THIS network. There is a port on this access point to hardwire a device, and my thought was that I could plug the new NIC in FreeNAS hardwired to this port. I was going to static IP assign an IP in the second subnet to this NIC, and tell my jails to route through that.

If that explanation makes sense?
 

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,284
Thanks
322
#4
So your plan sounds great so far (more-or-less matching my diagram... if you can call it that)...

What you need to look at is the firewall rules and routing on your pfSense box to connect the two subnets together and allow the traffic you want to get through (and only that traffic, if you want the benefits of the segregation you're setting up).
 

Steven Wormuth

FreeNAS Experienced
Joined
May 2, 2017
Messages
115
Thanks
10
#5
That's about the best diagram I could've come up with. LOL

So when I connected the cable between the new NIC in FreeNAS and my access point, the PFSense box did assign the IP to the new NIC. At that point I couldn't access the jails any more, and didn't want to go any further until I knew what I was doing. I assume that's because of a conflict somewhere between the new NIC being assigned IP's in the second subnet, and the FreeNAS settings still telling the jails to assign an IP in the original one.

At this point, I need to do the following (as I see it).

1. Set up the static IP for the new NIC in PFSense's DHCP.

2. Change the jails to use static IP's in that subnets range in FreeNAS.

3. Change the jails settings to use the appropriate interface.

The new NIC is "em0" in FreeNAS. But right now the jails are using "vnet0". Which settings should I change to get this to properly take effect? I have a troubleshooting rule enabled in PFSense which I can toggle to pass all traffic to rule out a firewall issue. So right now all traffic should be passing through to all interfaces internally on PFSense.

Thanks!
 
Joined
Apr 6, 2019
Messages
3
Thanks
0
#6
Hello, did you ever get this working? If so, wondered if you might share how you configured the jails network settings?
 
Top