I will try to best describe my situation....I just recently updated my freenas SAN to version 11.2. It has a dual port 10gb network card that is directly connected to two hypervisors and configured with its own subnet in order to create iscsi sharing. In order to get the two hypervisors to see the SAN I had to create tunables to create a network bridge. I have attached a screen shot of the tunables.
That being said when I configure an iocage jail I am unable to ping my gateway and believe it maybe related to the tunables. I am wondering if I need to create a new interface for the iocage jails or use a different one. Below is a screen shot of the pings and the iocage settings that I have.
root@test11:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
options=8<VLAN_MTU>
ether 02:ff:60:85:75:ab
hwaddr 02:24:10:00:16:0b
inet 172.31.1.40 netmask 0xffffff00 broadcast 172.31.1.255
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
root@test11:~ # ping 172.31.1.40
PING 172.31.1.40 (172.31.1.40): 56 data bytes
64 bytes from 172.31.1.40: icmp_seq=0 ttl=64 time=0.028 ms
64 bytes from 172.31.1.40: icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from 172.31.1.40: icmp_seq=2 ttl=64 time=0.023 ms
64 bytes from 172.31.1.40: icmp_seq=3 ttl=64 time=0.042 ms
64 bytes from 172.31.1.40: icmp_seq=4 ttl=64 time=0.022 ms
64 bytes from 172.31.1.40: icmp_seq=5 ttl=64 time=0.025 ms
^C
--- 172.31.1.40 ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.022/0.029/0.042/0.007 ms
root@test11:~ #
root@test11:~ # ping 172.31.1.1
PING 172.31.1.1 (172.31.1.1): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 172.31.1.1 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
root@test11:~ #
root@san1:~ # iocage get -a test11.2
CONFIG_VERSION:14
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:0
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:0
available:readonly
basejail:no
boot off
bpf:no
children_max:0
cloned_release:11.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize off
count:1
cpuset off
cputime off
datasize off
dedup off
defaultrouter:172.31.1.1
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:test11.2
host_hostuuid:test11.2
host_time:yes
hostid:4c4c4544-004a-4b10-8058-c3c04f365331
hostid_strict_check off
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vnet0|172.31.1.40/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs off
jail_zfs_dataset:iocage/jails/test11.2/data
jail_zfs_mountpoint:none
last_started:2019-02-18 16:02:48
login_flags:-f root
mac_prefix:02ff60
maxproc off
memorylocked off
memoryuse off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued off
msgqsize off
nmsgq off
notes:none
nsemop off
nshm off
nthr off
openfiles off
origin:readonly
owner:root
pcpu off
priority:99
pseudoterminals off
quota:none
release:11.2-RELEASE-p9
reservation:none
resolver:/etc/resolv.conf
rlimits off
securelevel:2
shmsize off
stacksize off
state:up
stop_timeout:30
swapuse off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse off
vnet on
vnet0_mac:02ff608575aa 02ff608575ab
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:none
vnet_interfaces:none
wallclock off
root@san1:~ #
That being said when I configure an iocage jail I am unable to ping my gateway and believe it maybe related to the tunables. I am wondering if I need to create a new interface for the iocage jails or use a different one. Below is a screen shot of the pings and the iocage settings that I have.
root@test11:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
options=8<VLAN_MTU>
ether 02:ff:60:85:75:ab
hwaddr 02:24:10:00:16:0b
inet 172.31.1.40 netmask 0xffffff00 broadcast 172.31.1.255
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
root@test11:~ # ping 172.31.1.40
PING 172.31.1.40 (172.31.1.40): 56 data bytes
64 bytes from 172.31.1.40: icmp_seq=0 ttl=64 time=0.028 ms
64 bytes from 172.31.1.40: icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from 172.31.1.40: icmp_seq=2 ttl=64 time=0.023 ms
64 bytes from 172.31.1.40: icmp_seq=3 ttl=64 time=0.042 ms
64 bytes from 172.31.1.40: icmp_seq=4 ttl=64 time=0.022 ms
64 bytes from 172.31.1.40: icmp_seq=5 ttl=64 time=0.025 ms
^C
--- 172.31.1.40 ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.022/0.029/0.042/0.007 ms
root@test11:~ #
root@test11:~ # ping 172.31.1.1
PING 172.31.1.1 (172.31.1.1): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 172.31.1.1 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
root@test11:~ #
root@san1:~ # iocage get -a test11.2
CONFIG_VERSION:14
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:0
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:0
available:readonly
basejail:no
boot off
bpf:no
children_max:0
cloned_release:11.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize off
count:1
cpuset off
cputime off
datasize off
dedup off
defaultrouter:172.31.1.1
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:test11.2
host_hostuuid:test11.2
host_time:yes
hostid:4c4c4544-004a-4b10-8058-c3c04f365331
hostid_strict_check off
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vnet0|172.31.1.40/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs off
jail_zfs_dataset:iocage/jails/test11.2/data
jail_zfs_mountpoint:none
last_started:2019-02-18 16:02:48
login_flags:-f root
mac_prefix:02ff60
maxproc off
memorylocked off
memoryuse off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued off
msgqsize off
nmsgq off
notes:none
nsemop off
nshm off
nthr off
openfiles off
origin:readonly
owner:root
pcpu off
priority:99
pseudoterminals off
quota:none
release:11.2-RELEASE-p9
reservation:none
resolver:/etc/resolv.conf
rlimits off
securelevel:2
shmsize off
stacksize off
state:up
stop_timeout:30
swapuse off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse off
vnet on
vnet0_mac:02ff608575aa 02ff608575ab
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:none
vnet_interfaces:none
wallclock off
root@san1:~ #