FreeNAS and Network Bridge - FreeNAS traffic shall not pass!!

[voyager529]

Hello everyone!

I set up an entry level NAS for some friends. They live in an apartment where they share the wireless internet with the landlord. Since they are on a separate floor, running an ethernet cable is somewhat impractical for now.

I purchased a D-Link DAP-1522 for them. The logic was that it would enable their two desktops to access the NAS over gigabit ethernet, while the desktops would be able to use the wired connection between each other and not have to worry about the offboard wireless NICs going slow (and we suspect another is causing a BSoD here and there). With everything going out a consolidated wireless interface, and that interface not having to be responsible for NAS traffic, rainbows and unicorns would be plentiful.

If I was correct in that assumption, I wouldn't be here.

The first issue I dealt with is that the bridge doesn't seem to pass DHCP traffic from the router to the clients. That's simple enough to deal with - just static IP them - they're desktops anyway, so they're not going anywhere. That's what I did. I did a firmware upgrade to see if that would help, no change, so I left it as-is.

Traffic was flowing between desktops and the NAS beautifully. a 1.1GB file went from desktop to NAS in fourteen seconds. It was glorious. Until I started attempting to install plugins from the UI.

The UI became unbearably slow - I'm literally talking minutes between screen refreshes, and the left nav panel frequently failing to load at all. That got me looking for solutions. The first thing said was that sometimes there were issues with jails. Well, I grabbed the handy 'warden' command on the CLI, and nuked every jail I had from orbit. No luck. I tried using the 10/100 onboard NIC - even if it's not the fastest, if it gets a working UI, I'll manage for now. Still no change.

Since I was on the console anyway from reconfiguring the NICs, I decided to ping some stuff in order to see what would happen. The NAS was able to ping both desktops without a problem - I flooded them both with the evil "ping -i 0" command, no problem. I could ping the bridge itself, also without incident. Getting to the router, or the greater internet, was mostly-impossible. I mean that in that I managed to get a standard ping to complete exactly four pings to Google DNS out of 197. Other than that, nothing on the other side of the bridge functioned.

"So then get rid of the bridge, genius!" is the thought that I'm certain everyone is thinking. Here's the problem with that: The two desktops get on the internet FLAWLESSLY. Traffic of every shape and size gets from the wired NICs to the internet and back, with no significant packet loss, no DNS failures, and no other forms of messiness aside from the aforementioned DHCP issue. If the issue is the bridge, then I'd expect something besides flawless performance for the desktops. Moreover, if I remove the router from the 'IPv4 Default Gateway' line, ironically I can ping the router just fine as well. The only configuration changes made to the bridge were connecting it to a wireless network and giving it a static IP address, but is otherwise in bone stock configuration (not that there's much to configure in bridge mode anyway).

I'm open to suggestions with regards to how to rectify the issue. A few thoughts I had were:
1.) known good wireless/wired bridges (preferably units with gigabit ethernet ports).
2.) means by which to connect a FreeNAS to a wireless network directly (e.g. known good wi-fi configs).
3.) reasons why Windows machines on a LAN can get out the door just fine, but a FreeNAS mostly-can't.


I'll check the thread regularly to provide any follow up information requested. Hardware/config specs as follows, to the best I can (some will unfortunately be vague):

CPU: Intel(R) Pentium(R) D CPU 2.80GHz
Mobo: HP OEM of some kind (no descriptive markings; HP splash screen and BIOS)
RAM: 2x1GB DDR2
HDDs: 4x500GB Hitachi Deskstar 7200RPM SATA
NIC: Onboard 10/100, TrendNet TEG-PCITXR GigE (either/or, no ganging)
Network Config: Static IPs, all on 192.168.1.0 network, DHCP on other side of bridge on same network.
Bridge: D-Link DAP-1522, bridge mode.
Router: ISP provided D-Link 802.11ac (does DHCP/DNS).


Thanks so much for your time.

Joey

 

[bestboy]

Some random points

• If your wireless bridge does not pass on DHCP, then it is no bridge. It is a dead giveaway for a configuration issue. I bet you'll find your root cause here.
  
• I don't really see what FreeNAS could do wrong in this simple setup. You assign IP addresses for the host and the gateway and you are done with it. I cannot imagine any fuckups here (but I'm out of coffee atm).
  
• Did you make sure that the address range used for the jails is excluded from the address range DHCP is using? You may have address conflicts otherwise.
  
• Your hardware is totally inadequate to run recent FreeNAS versions (what version are you using anyways?). The sluggish web UI you experienced may very well be a result of that (but not necessarily).
• FreeNAS might not be the druid you are looking for, if you consider adding a WIFI card to it
• Regarding SOHO routers: OOTB all of them are crap IMHO. Best thing you can do is to buy a router with halfway decent hardware, purge the original firmware and put OpenWRT on it. Then it can do whatever networking tasks you throw at it. Other than that I cannot give you any recommendation. Maybe check smallnetbuilder.com for reviews.

 

[anodos]

• FreeNAS might not be the druid you are looking for, if you consider adding a WIFI card to it

Unfortunately the time for finding druids passed a few days ago.

 

[joeschmuck]

The fact that you can sometimes ping and the other computers have no issues is a positive thing.


What I would do first:
1) On the router, find out the DHCP address range.

2) Assign a static IP address for each machine on the N300 well above the DHCP address range. For instance, if the DHCP range is .10 to .100, then use the .200 and above area. Map out your IP addresses if there are a lot of items which will be on static IP, this includes the landlord because he/she may have a network printer that defaults to a certain static IP, who knows but it's possible.

3) Assign a static DNS to your computers, including the FreeNAS. I'd use 208.67.222.222 which is from OpenDNS, a free DNS service. This way you are not relying on the Router or ISP which can cause issues in some circumstances.

4) Cross your fingers.

-Joe

 

[cyberjock]

You have 2GB of RAM. That's 1/4 of the *minimum* RAM for FreeNAS. Color me shocked the system behaves slowly. I'm sorry, but I can't feel particularly bad that the OS isn't up to par when you don't even hit our minimum hardware requirements.

 

[voyager529]

Good morning everyone! Thank you all for your responses. Here's what I'll put out there thus far...

1.) Yes. I *KNOW* that 2GB of RAM isn't a desirable quantity to be using. I'll certainly give you that. However, this is a 'favor for a friend' situation; the unit is a 'frankenstein build' of assorted spare parts a friend and I had available, except the case and the PSU. Upgrading the RAM is certainly on the to-do list, but 'getting it working first' is a more poignant matter at hand. "Sluggish" as in "not quite as fast as my home machine with a quad-core AMD Phenom chip and 16GB of RAM" is completely expected. "Taking two minutes to load the side panel", on the other hand, is a different story. The fact that it returns to "slightly slower than I'm used to" when I remove the default gateway from the network config leads me to believe that RAM is not the culprit here.

2.) I'd be completely willing to chalk it up to a PEBKAC issue with the bridge configuration problem, but there's very little to configure in bridge mode. Essentially my options are to pick the Wi-Fi network it's bridging, whether the unit itself gets a static or dynamic IP, transmit power, admin password, time server, firmware upgrade, and that's about it. What might be another way to skin this cat would be to set it in range extender mode and then disregard the range extension - I know there are a few more options in that config panel, but it may work, as long as it keeps the ethernet ports lit up. I'll try that next time I'm there.

3.) Yes, connecting a FreeNAS to a Wi-Fi network is a dumb idea, and I'm not a fan of it either. I don't like the idea, which is why I got the bridge in the first place. The reason the question was asked was as a contingency plan, and an avenue of last resort.

4.) Replacing the router is unlikely to be practical. The existing unit was furnished by the ISP and is generally working for the landlords - I don't see them being okay with swapping it out for a unit running OpenWRT 'because NAS'...and even if they did, I love my friends enough to give them spare parts and front the money for the bridge, Gigabit NICs, etc. There's a limit to my wallet here, and if there was a bigger limit, they'd have more RAM =).

5.) While I don't have immediate access to the router, I did set everything in the north-of-200 range in the subnet, pinging every IP address I assigned before I assigned it, for the very reason you specify. It's possible that things connected don't ping, but I don't usually find that with consumer grade stuff. Still, I'll see if my friends can get that information in order to verify that the IP range is still the default for the router.

6.) Static DNS to OpenDNS was already tried, as was Google DNS. I considered that it might be an odd DNS issue as well, but I'd also be scratching my head as to what role DNS would have in causing a "ping 8.8.8.8" from the console to usually-but-not-completely fail.

7.) I wasn't "blaming" FreeNAS at all - my home unit is wonderful and works beautifully without incident. However, when the traffic from Windows desktops can freely traverse a bridge without a problem, and when the FreeNAS can't get a simple 'ping' command to leave the bridge, it seems like common sense to allocate scrutiny to the NAS.


So the takeaways from this exercise are as follows:
--Get more RAM sooner than later.
--The closest thing I can do to get a FreeNAS on a wireless LAN, undesirable as that topology is, is what I'm already doing.
--Try the bridge in Range Extender mode and see if that does the trick.
--Replace the bridge with a different unit from Microcenter.

I'll let you guys know what I find. Thank you again.

Best regards,
Joey

 

[anodos]

The problem with not meeting minimum requirements is not that it will run slower or that the GUI will be buggy, it is that you will suffer catastrophic unexpected data loss and that there is no good way to do data recovery once you're in that situation (ie you're screwed). This is a side effect of the design parameters for ZFS. It was designed for real servers, not for franken-nas on buggy decade old desktop hardware.

If you want to do your friend a favor, either
1) meet the hardware requirements for freenas (noting the very strong recommendation for ECC RAM)
2) use different OS. I have no problem making due with what's available. For instance, I repurposed an old P4 one time to set up an openbsd samba server for an NGO that had zero budget and needed a file server, but I would never consider using freenas for this purpose.

 

[cyberjock]

I agree with anodos 100%. If you can't meet the minimum then this is not the OS for you.

We've had problems with random webgui bugs, improper thread terminations, and sudden loss of the user's pool due to not having 8GB of RAM. So you should expect to do one of the two:

1. Upgrade to the minimum to rule out the possibility of insufficient RAM
2. Do not expect help from anyone in the forums or IRC with alot of experience with the OS. (Those of us that know FreeNAS know that they shouldn't waste their time troubleshooting problems that aren't even code problems... and we've seen far far too many of them on years gone by).

You'd better keep religious backups on another machine because the day *will* come where you will lose your pool and the data on that pool will be unrecoverable.

FreeNAS is enterprise-class. It's not for frankenbuilds.

 

[bestboy]

4.) Replacing the router is unlikely to be practical. The existing unit was furnished by the ISP and is generally working for the landlords - I don't see them being okay with swapping it out for a unit running OpenWRT 'because NAS'...and even if they did, I love my friends enough to give them spare parts and front the money for the bridge, Gigabit NICs, etc. There's a limit to my wallet here, and if there was a bigger limit, they'd have more RAM =).

Just to avoid misunderstandings: When I was talking about routers I actual meant your wireless bridge and not the router of the landlord. Usually these devices are routers limited by their firmware to just do wireless bridging. What I meant to say was, if you decide to replace the wireless bridge, then consider getting a router with hardware that is on the OpenWRT supported hardware list. OpenWRT can do wireless bridging and gives you full control over the network setup.

Also if you had a router instead of a bridge device, you could try to set up a subnet for your two friends and the FreeNAS server. You could configure the wireless network as WAN uplink, run your own DHCP server and see what's what. Could we worth a try, if you cannot pinpoint the issue with the bridging.

 

[voyager529]

Hey guys,

I did try swapping out the D-Link bridge for a unit by Engenius. Interestingly enough, it was failing the exact same way - "mostly-not-working". The landlord's router turned out to be in the garage, about 35 feet away, with a drop-ceiling. I told my friends that their best bet is to attempt the political discussion of running a cable that no one will notice. When I last left the discussion, the landlord was worried that the NAS would "slow things down", but I rebutted by saying that since the major file moves and whatnot would happen on a second switch and never hit their router in the first place, with the internet connectivity being affected in the exact same as what they're doing already, since they're using BT Sync and Transmission on their desktops right now anyway. The landlord wanted a second opinion from someone else, so I told my friends to call me when they need the wire run.

I appreciate the help, everyone.

Joey

[mod note: this thread can be closed]