SOLVED Iocage Jails Multiple Interfaces? (VNET)

sotiris.bos

Explorer
Joined
Jun 12, 2018
Messages
56
Hello! Just updated to 11.2 and things are going great!

I am trying to do something that I have been putting off for a long time.

E.g. I have a Plex jail that I can access on my LAN. I have IoT devices (for example Xiaomi Mi boxes) that I had to have connected to the LAN to be able to access Plex directly.

I want to move said devices to a VLAN but still be able to access Plex on both the LAN and VLAN networks.

I already have a VLAN set up on the network and have added a bridge (bridge1) on FreeNAS between the VLAN and the parent interface.

How can I configure my iocage jails to use both the LAN and VLAN networks with static addresses on both?
 

sotiris.bos

Did you find a solution for this?
Unfortunately not. I tried:

Code:
iocage set ip4_addr="vnet0|10.0.10.251/24,vnet1|10.0.15.251/24"


Tried it with or without also adding vnet1:bridge1 under my jail, Network Properties, Interfaces. When adding vnet1:bridge1 the jail would not start and I would get a VNET error.

I can access the FreeNAS main page on the VLAN. The jail would start without vnet1:bridge1 under Interfaces, but I wasn't able to access it on the VLAN.


Edit: After a bit of experimentation, the problem seems to be the IPV4 Default Router setting. I set it to the IP of my router (10.0.10.1) and setting an IP of 10.0.10.251 on the jail works. Setting the IPV4 Default Router to 10.0.11.1 (IP of my router for DHCP and DNS on the VLAN) and jail IP of 10.0.11.251 also works. Mixing .10 with .11 for IPV4 Default Router and Jail IP does not work and the jail fails to start. Since I can't set two IPV4 Default Router IPs, how will I get it to work?

Edit 2: The route command is failing when iocage tries to configure the VNET. It can't reach the default router from the second IP and so it fails.
 

sotiris.bos

Update:

For anyone interested:

You need 11.2-U2.1 or newer for this to work.

You need to create a bridge for each extra interface and you want that bridge to include that interface. Make sure that bridge gets created and contains your interface at boot. You can check with
Code:
ifconfig
You might need an extra rc system tunable if it is not working:

Code:
cloned_interfaces                <your interface name here without the <> >


You need to manually add the bridges to the jail as interfaces in the UI. I am using VNET so under Jail Settings/Network Properties/Interfaces in conjunction with the default vnet0:bridge0 you need to also add e.g. vnet1:bridge1 according to your configuration.

With the jail stopped, you need to run something like:
Code:
iocage set ip4_addr="vnet0|192.168.1.200/24,vnet1|192.168.2.200/24,vnet2|192.168.3.200/24" <your jail name here>
obviously adjusted for your network configuration. I am not sure if it works with DHCP. If you afterwards edit any jail networking settings, you might need to run the command again.

You should now be able to start the jail and access it from your various interfaces/subnets.

At the time of writing this, this does NOT work with FreeNAS software VLANs. At least not for me. To get it to work with VLANs you need:

A. A VLAN capable switch with the ability to force a VLAN on a port.
B. Multiple physical interfaces on your FreeNAS machine.

You need to configure your switch port for untagged VLAN traffic. That means that anything that gets connected to that port gets connected to the VLAN and is not aware that it is in fact a VLAN. Then, connect that port to an interface other than the main interface on the FreeNAS system.
No need to set up any VLANs on the FreeNAS UI. That other interface should already be connected to your VLAN.
Configure the interface (set an IP) and enable the interface.
Then proceed as explained above.
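
Added example (not part of the original posts, and not iocage code): a pre-flight check in Python for the settings discussed in this thread. It compares the ip4_addr string, the Interfaces list (vnetN:bridgeN) and the IPv4 Default Router, and reports the mismatches described above. The function names and the 192.168.1.1 router are assumptions, and it assumes one address per vnet interface.

```python
import ipaddress

def parse_pairs(value, sep):
    """Split 'a<sep>b,c<sep>d' into a dict, rejecting malformed entries."""
    pairs = {}
    for entry in value.split(","):
        key, found, val = entry.strip().partition(sep)
        if not (key and found and val):
            raise ValueError(f"malformed entry: {entry!r}")
        pairs[key] = val
    return pairs

def check_jail_network(ip4_addr, interfaces, defaultrouter):
    """Return a list of problems; an empty list means the settings agree."""
    # Assumption: one address per vnet interface (no aliases).
    addrs = {nic: ipaddress.ip_interface(cidr)
             for nic, cidr in parse_pairs(ip4_addr, "|").items()}
    bridges = parse_pairs(interfaces, ":")
    problems = []
    # An address on vnetN needs a matching vnetN:bridgeN entry.
    for nic in sorted(addrs.keys() - bridges.keys()):
        problems.append(f"{nic} has an address but no {nic}:<bridge> entry in interfaces")
    for nic in sorted(bridges.keys() - addrs.keys()):
        problems.append(f"{nic} is attached to {bridges[nic]} but has no address in ip4_addr")
    # The default router must sit inside one of the jail's own subnets.
    router = ipaddress.ip_address(defaultrouter)
    if not any(router in iface.network for iface in addrs.values()):
        nets = ", ".join(str(i.network) for i in addrs.values())
        problems.append(f"default router {router} is outside every jail subnet ({nets})")
    return problems

if __name__ == "__main__":
    # Constructed samples built from the addresses quoted in the thread.
    samples = [
        ("vnet0|192.168.1.200/24,vnet1|192.168.2.200/24",
         "vnet0:bridge0,vnet1:bridge1", "192.168.1.1"),
        ("vnet0|10.0.11.251/24", "vnet0:bridge0", "10.0.10.1"),
        ("vnet0|10.0.10.251/24,vnet1|10.0.15.251/24", "vnet0:bridge0", "10.0.10.1"),
    ]
    for ip4_addr, interfaces, router in samples:
        print(ip4_addr, "->", check_jail_network(ip4_addr, interfaces, router) or "OK")
```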
 
Joined
Jul 2, 2019
Messages
648
@sotiris.bos - This looks like exactly what I need, except I am running minidlna in a jail instead of Plex. I have IGMP forwarding working but I really want to keep my subnets (VLANs) from broadcasting across those subnets. What are the files that need editing?

Thanks!
 