iocage Jail conflicting with default gateway

1337Hacker

Dabbler
Joined
Oct 22, 2017
Messages
27
So I finally got an iocage jail to install through the CLI, but I couldn't get vnet to work. I chose nfe0, which may be causing my issue:
Code:
iocage create -n "plex" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="nfe0|10.0.0.6/24" defaultrouter="10.0.0.5" allow_raw_sockets="1" boot="on"


This is my output for the vnet attempt, in case anyone was wondering:
Code:
iocage create -n "plex" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|10.0.0.6/24" defaultrouter="10.0.0.5" vnet="on" allow_raw_sockets="1" boot="on"
plex successfully created!
Testing SRV response to FreeBSD
Error: error sending query: General LDNS error
{repo} could not be reached, please check your DNS


ifconfig below
Code:
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=8210b<RXCSUM,TXCSUM,VLAN_MTU,TSO4,WOL_MAGIC,LINKSTATE>
		ether 00:22:15:46:5c:b2
		hwaddr 00:22:15:46:5c:b2
		inet 10.0.0.5 netmask 0xffffff00 broadcast 10.0.0.255
		inet 10.0.0.6 netmask 0xffffff00 broadcast 10.0.0.255
		nd6 options=9<PERFORMNUD,IFDISABLED>
		media: Ethernet autoselect (1000baseT <full-duplex>)
		status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
		options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
		inet6 ::1 prefixlen 128
		inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
		inet 127.0.0.1 netmask 0xff000000
		nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
		groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		ether 02:88:8c:df:d4:00
		nd6 options=9<PERFORMNUD,IFDISABLED>
		groups: bridge
		id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
		maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
		root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0


The issue is now 10.0.0.6 is displaying as a gateway for my NAS and opens the GUI in browser. Does anyone have suggestions because I've looked through a number of posts regarding iocage installation and this is skimmed over.
 

8-bit Yoda

Explorer
Joined
Jun 16, 2018
Messages
68
The issue is now 10.0.0.6 is displaying as a gateway for my NAS and opens the GUI in browser. Does anyone have suggestions because I've looked through a number of posts regarding iocage installation and this is skimmed over.

I think you mean "alias" instead of "gateway". Anyway, the default behavior is that the FreeNAS webGUI binds to any IP address it is associated with.
If this is not desired, you can pick a specific IP using "System>General>WebGUI IPv4 Address".

Source: https://doc.freenas.org/11/system.html#general

Next time you post, please specify the exact release you're using. I assumed you're on the 11.1 train, e.g. 11.1-U6, so the menu path may differ for your system. :)
 

1337Hacker

Dabbler
Joined
Oct 22, 2017
Messages
27
Sorry, I usually mention the release, but I've been a bit frustrated with this whole process of setting up jails in the new iocage. Apparently Plex has to be created with vnet; unfortunately, it does not want to work on my system. I still can't figure out why, so I'm just going to switch back to wardens until the 11.2 train release is more stable.
 

8-bit Yoda

Explorer
Joined
Jun 16, 2018
Messages
68
Something else to note: the defaultrouter attribute should be set to the IP address of your gateway, i.e. your router, not the IP of your FreeNAS box.
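
Added example, not part of the thread and not FreeNAS or iocage code: a shell lint for the two points made in the replies above, namely that a shared-IP jail address is an alias on the host (so host services bound to all addresses, such as the web GUI, answer on it) and that defaultrouter must be the router, not the NAS. The function names are hypothetical and the sample input is abridged from the ifconfig output in the first post.

```shell
#!/bin/sh
# Added example, not from the thread: lint iocage network properties
# against the host's ifconfig output. Function names are hypothetical.

# Dotted-quad IPv4 -> integer. Runs in a subshell so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# IPv4 addresses configured on the host, read from ifconfig output on stdin.
host_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# check_jail_net IP4_ADDR DEFAULTROUTER IFCONFIG_OUTPUT
# Prints one finding per line; returns 1 if there was any finding, else 0.
check_jail_net() {
    cidr=${1#*"|"}               # "nfe0|10.0.0.6/24" -> "10.0.0.6/24"
    jail_ip=${cidr%/*}
    prefix=${cidr#*/}
    router=$2
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    found=0
    if [ $(( $(ip2int "$router") & $mask )) -ne $(( $(ip2int "$jail_ip") & $mask )) ]; then
        echo "defaultrouter $router is outside $cidr"; found=1
    fi
    for a in $(printf '%s\n' "$3" | host_addrs); do
        if [ "$a" = "$router" ]; then
            echo "defaultrouter $router is an address of this host, not of the router"; found=1
        fi
        if [ "$a" = "$jail_ip" ]; then
            echo "$jail_ip is an alias on the host: host services bound to all addresses answer on it"; found=1
        fi
    done
    return "$found"
}

# Sample input, abridged from the ifconfig output in the first post.
SAMPLE_IFCONFIG='nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 10.0.0.5 netmask 0xffffff00 broadcast 10.0.0.255
	inet 10.0.0.6 netmask 0xffffff00 broadcast 10.0.0.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000'

# The values from the first post: reports both findings.
check_jail_net 'nfe0|10.0.0.6/24' 10.0.0.5 "$SAMPLE_IFCONFIG" || true
```

On a live system the third argument would be `"$(ifconfig)"`; the alias finding is expected for a shared-IP jail and is the cue to pin the web GUI to one address, as described in the earlier reply.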
 

Krautmaster

Explorer
Joined
Apr 10, 2017
Messages
81
So how do I realize this then with jails and freenas config?

LAN (Nic vmx0)
192.168.2.10 (gateway, router) -> WAN
vmx0 192.168.2.25 (Plex Jail) -> Problem is here (no internet from Jail)
vmx0 192.168.2.95 (Freenas itself) -> Webgui of Freenas
...

DMZ: (Nic vmx1)
192.168.1.1 (Pfsense Firewall) -> DHCP from 192.168.2.10 -> WAN
vmx1 192.168.1.200 (Nextcloud Jail on Freenas, static or dhcp)

Problem here is: I can only get internet in the Nextcloud Jail if I enter the DMZ gateway into the freenas host general gateway and nameserver settings.

thx
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,450
@Krautmaster , Have you figured this one out?
If I am not mistaken, you are using one PC for Freenas using 192.168.2.x and the Nextcloud jail on that same PC connected to 192.168.1.x and hope it will be placed in DMZ?

I don't know if it is a viable option and whether you are actually guaranteeing DMZ.
Is Freenas really protected this way?
 

Krautmaster

Explorer
Joined
Apr 10, 2017
Messages
81
yeah, u got no idea if it's protected this way. I normally wanted to simply pass the second nic adapter 1:1 to the jail like using it for a VM.

I might switch over and kill that DMZ and keep all webservers within my lan, but it's less the nextcloud which is in focus here for the dmz reason, it's more the other webservers. But as the ports are forwarded to a reverse proxy server in my dmz, I need to access my nextcloud jail from the dmz as well.
 