Jail network problems (FreeNAS 11.2)

darkmatter

Cadet
Joined
Feb 27, 2019
Messages
4
Hi everybody!

I have been using FreeNAS for over five years now and am very satisfied with its performance. If I came across an issue I could solve it quickly by checking the documentation or googling. However, now I am facing an issue which I seem to fail to overcome by myself and in respect of which I have found no relevant hint in the forum (although a couple of posts seem to relate to it, they in fact do not).

The issue is that (typically after a while) jails cannot be accessed from my PC (192.168.10.108) or any laptop in my home network although the jails are running and - if I jexec into them from the FreeNAS shell - have access to the FreeNAS host (192.168.10.8) and internet (also DNS provided by a local DNS server under 192.168.10.40 works fine). The PC has internet connection and can reach the FreeNAS host's WebGUI.

Background:
I recently upgraded to the FreeNAS 11.2 release and created three jails by using the WebGUI. At that point in time each of the three jails could be reached from the PC and worked fine. Since then I can only access any of the jails if I restart them. Then they can be pinged and accessed from the PC but it appears that after a while (it feels like some idle time) the access fails (PING to the jail from the PC and from the jail to the PC does not work, access to web server in the jail fails; however, the jail still has access to the internet and DNS).

Although I have what I believe is a good understanding of different OSes and networking I am stuck and grateful for any hint.

Thank you!


This is the ifconfig of the FreeNAS host (which has two NICs, but as you can see only one is connected with a cable):

igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
ether d8:50:e6:c1:24:8c
hwaddr d8:50:e6:c1:24:8c
inet 192.168.10.8 netmask 0xffffff00 broadcast 192.168.10.255
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

igb1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether d8:50:e6:c1:24:8d
hwaddr d8:50:e6:c1:24:8d
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect
status: no carrier

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo

bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:39:d5:24:fe:00
nd6 options=9<PERFORMNUD,IFDISABLED>
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vnet0:44 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 7 priority 128 path cost 2000
member: vnet0:43 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 2000
member: vnet0:42 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 6 priority 128 path cost 2000
member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 20000

vnet0:42: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: Plex as nic: epair0b
options=8<VLAN_MTU>
ether d8:50:e6:31:41:ea
hwaddr 02:22:d0:00:06:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair

vnet0:43: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: nextcloud as nic: epair0b
options=8<VLAN_MTU>
ether d8:50:e6:ba:b5:81
hwaddr 02:22:d0:00:05:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair

vnet0:44: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: SABnSick as nic: epair0b
options=8<VLAN_MTU>
ether d8:50:e6:32:33:43
hwaddr 02:22:d0:00:07:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair

This is the ifconfig of the plex jail:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo

epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether d8:50:e6:ba:b5:82
hwaddr 02:22:d0:00:08:0b
inet 192.168.10.18 netmask 0xffffff00 broadcast 192.168.10.255
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
My first thought would be to look at memory leaks. You didn't provide your specs, so I'm not sure if that's a silly idea (if you have 128GB).

What does the ifconfig look like when the problem is happening (I assume you posted the output from when it's working)?

Does dmesg show anything obvious?
 

darkmatter

Thanks for your reply. Is this an iocage issue? I read about a lot of network problems with iocage in earlier releases.


The system's specs are as follows:

OS Version:
FreeNAS-11.2-U2
(Build Date: Feb 14, 2019 20:8)

Processor:
Intel(R) Core(TM) i3-4130T CPU @ 2.90GHz (4 cores)

Memory:
16 GiB



The output of dmesg is (the vnet numbers changed due to restarts of the jails but continue to match the new IDs of the jails after they were restarted):

vnet0:41: promiscuous mode enabled
vnet0:41: link state changed to DOWN
epair0b: link state changed to DOWN
in6_purgeaddr: err=65, destination address delete failed
epair1a: Ethernet address: 02:22:d0:00:06:0a
epair1b: Ethernet address: 02:22:d0:00:08:0b
epair1a: link state changed to UP
epair1b: link state changed to UP
epair1a: changing name to 'vnet0:42'
epair1b: changing name to 'epair0b'
vnet0:42: promiscuous mode enabled
in6_purgeaddr: err=65, destination address delete failed
vnet0:37: link state changed to DOWN
epair0b: link state changed to DOWN
epair0a: Ethernet address: 02:22:d0:00:05:0a
epair0b: Ethernet address: 02:22:d0:00:08:0b
epair0a: link state changed to UP
epair0b: link state changed to UP
epair0a: changing name to 'vnet0:43'
vnet0:43: promiscuous mode enabled
vnet0:39: link state changed to DOWN
epair0b: link state changed to DOWN
epair2a: Ethernet address: 02:22:d0:00:07:0a
epair2b: Ethernet address: 02:22:d0:00:08:0b
epair2a: link state changed to UP
epair2b: link state changed to UP
epair2a: changing name to 'vnet0:44'
epair2b: changing name to 'epair0b'
vnet0:44: promiscuous mode enabled
in6_purgeaddr: err=65, destination address delete failed
arp: 192.168.10.8 moved from d8:50:e6:32:33:43 to d8:50:e6:c1:24:8c on epair0b
 

darkmatter

Giving the issue described above another thought, the problem may be that the router (to which both the FreeNAS and the PC are connected) does not know the jails (they have fixed IP addresses) or at least the route to them, because the jails may not be known to the local DNS server.

The fact that it works after a restart of a jail may be because, for instance, the jail accesses the internet via the router and as a result the IP of the jail appears temporarily in the routing table of the router but drops off that table after active connections are terminated (which appears to be consistent with what happens).

So my question in order to correctly announce the IP addresses of the host in my local network is:

How do I have to imagine the topology of a VNET jail? Does the route to the jail lead across the FreeNAS host?

In my case, does the route from the router (192.168.10.1) lead to the FreeNAS host (192.168.10.8) and then to the jail (192.168.10.11) OR from the router (192.168.10.1) directly to the jail (192.168.10.11)?

Is it a step in the right direction to try the following?

1. Use DHCP on the jails? Idea: The DHCP server runs on the router and should add the spilled-out addresses to its routing table.

2. Put something like a hosts file on the FreeNAS host so that packets which arrive at the FreeNAS host with a destination IP of a jail are forwarded to such jail and not rejected?

3. Edit something like a hosts file on the local DNS? If yes, what do I put in there given that this is not about resolving names into IP addresses but announcing a route?

Any view is appreciated, thanks for your input!
 

sretalla

A bridge is sort-of like a virtual switch in that it connects interfaces at a MAC address level.

Therefore, what is really happening is that your jail's MAC address is also being ARPed out of the same NIC as your FreeNAS server, since your VNET0 interfaces from the jails and igb0 are bridged by bridge0:

bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:39:d5:24:fe:00
nd6 options=9<PERFORMNUD,IFDISABLED>
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vnet0:44 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 7 priority 128 path cost 2000
member: vnet0:43 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 2000
member: vnet0:42 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 6 priority 128 path cost 2000
member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 20000

Some configurations can get tricky with this as your FreeNAS nic can appear to be playing tricks by pretending to be many other computers/devices, so strict security can block this (some people running on VMware need to allow impersonation on their virtual switches to make this work, for example). I doubt this would be the case for any home router though.

Your point about DHCP could be valid as the router may be set to block addresses not assigned by it (this must be pretty old gear if that's the case, but I have seen it before in my 23-year career in IT).

I doubt your other 2 points will be relevant.
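
Because a bridge forwards frames by MAC address, the dmesg output posted earlier in the thread can be checked for two things: epair ends announced with the same Ethernet address, and `arp: ... moved` messages. The following is an added example, not code from any participant in this thread; the sample lines are copied from that dmesg output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the dmesg output posted earlier in this thread.
DMESG = """\
epair1a: Ethernet address: 02:22:d0:00:06:0a
epair1b: Ethernet address: 02:22:d0:00:08:0b
epair1a: changing name to 'vnet0:42'
epair1b: changing name to 'epair0b'
epair0a: Ethernet address: 02:22:d0:00:05:0a
epair0b: Ethernet address: 02:22:d0:00:08:0b
epair0a: changing name to 'vnet0:43'
epair2a: Ethernet address: 02:22:d0:00:07:0a
epair2b: Ethernet address: 02:22:d0:00:08:0b
epair2a: changing name to 'vnet0:44'
epair2b: changing name to 'epair0b'
arp: 192.168.10.8 moved from d8:50:e6:32:33:43 to d8:50:e6:c1:24:8c on epair0b
"""

ETHER_RE = re.compile(r"^(\S+): Ethernet address: ([0-9a-f:]{17})$")
ARP_MOVE_RE = re.compile(
    r"^arp: (\S+) moved from ([0-9a-f:]{17}) to ([0-9a-f:]{17}) on (\S+)$"
)


def duplicate_macs(dmesg_text):
    """Map every MAC announced by more than one interface to those interfaces."""
    seen = defaultdict(list)
    for line in dmesg_text.splitlines():
        m = ETHER_RE.match(line.strip())
        # The same interface re-announcing its own MAC is not a duplicate.
        if m and m.group(1) not in seen[m.group(2)]:
            seen[m.group(2)].append(m.group(1))
    return {mac: ifs for mac, ifs in seen.items() if len(ifs) > 1}


def arp_moves(dmesg_text):
    """Return (ip, old_mac, new_mac, interface) for each 'arp: ... moved' line."""
    moves = []
    for line in dmesg_text.splitlines():
        m = ARP_MOVE_RE.match(line.strip())
        if m:
            moves.append(m.groups())
    return moves


if __name__ == "__main__":
    for mac, ifs in duplicate_macs(DMESG).items():
        print(f"duplicate MAC {mac} announced by: {', '.join(ifs)}")
    for ip, old, new, ifname in arp_moves(DMESG):
        print(f"ARP entry for {ip} moved {old} -> {new} (seen on {ifname})")
```

On a live system the same functions can be fed the text of `dmesg` instead of the embedded sample.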
 

darkmatter

Still trying to figure this out. Having the router assign IP addresses to the jails did not make the problem disappear. Switching off the dedicated DNS server and letting the router take care of DNS did not help either.

The problem remains the same: after a little while (a couple of minutes) the jail is not reachable from the home network. Since each jail has internet access and can ping the other jails I figure this is not a FreeNAS issue but an issue with my home network. The search goes on ...
 

RegularJoe

Patron
Joined
Aug 19, 2013
Messages
330
I am concerned with your issue and hope I do not acquire it. Can you post one of your iocage jail settings: iocage get all %JailNameGoesHere%

I am using VNET, Berkeley Packet Filter and raw sockets, with a static IP address.
 

Krautmaster

Explorer
Joined
Apr 10, 2017
Messages
81
Got a similar issue:

FreeNAS device.

VMX0 LAN interface, DHCP by router 192.168.2.10, /24 subnet
VMX1 DMZ interface, DHCP by 2nd router, 192.168.1.* /24 subnet with other webservers
VMX2 (10G point-to-point with workstation) -> this one is irrelevant at this point

I successfully configured a nextcloud jail to access VMX1, static IP. Config:
Code:
root@freenas[~]# iocage get all nextcloud
CONFIG_VERSION:14.1
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:0
available:readonly
basejail:no
boot:on
bpf:no
children_max:0
cloned_release:11.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:192.168.1.1
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp:off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:nextcloud
host_hostuuid:nextcloud
host_time:yes
hostid:fc7ded00-a73b-11e9-ba35-00155d026400
hostid_strict_check:off
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vmx1|192.168.1.200/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs:off
jail_zfs_dataset:iocage/jails/nextcloud/data
jail_zfs_mountpoint:none
last_started:2019-09-16 15:33:17
login_flags:-f root
mac_prefix:00155d
maxproc:off
memorylocked:off
memoryuse:off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nmsgq:off
notes:none
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
priority:99
pseudoterminals:off
quota:none
release:11.2-RELEASE-p11
reservation:none
resolver:nameserver 192.168.1.1
rlimits:off
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse:off
vnet:off
vnet0_mac:00155dbab581 00155dbab582
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:vmx1
vnet_interfaces:none
wallclock:off


I wanted to do the same for a plex jail. In LAN, VMX0, static, e.g. 192.168.2.25. Anyhow, I can't get it to work.

Config:
Code:
root@freenas[~]# iocage get all plex
CONFIG_VERSION:14.1
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:0
available:readonly
basejail:no
boot:on
bpf:no
children_max:0
cloned_release:11.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:192.168.2.10
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp:off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:plex
host_hostuuid:plex
host_time:yes
hostid:fc7ded00-a73b-11e9-ba35-00155d026400
hostid_strict_check:off
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vmx0|192.168.2.25/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs:off
jail_zfs_dataset:iocage/jails/plex/data
jail_zfs_mountpoint:none
last_started:2019-09-16 16:34:31
login_flags:-f root
mac_prefix:00155d
maxproc:off
memorylocked:off
memoryuse:off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nmsgq:off
notes:none
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
priority:99
pseudoterminals:off
quota:none
release:11.2-RELEASE-p11
reservation:none
resolver:nameserver 192.168.2.10
rlimits:off
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse:off
vnet:off
vnet0_mac:none
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:vmx0
vnet_interfaces:none
wallclock:off


ifconfig in freenas says:

Code:
root@freenas[~]# ifconfig
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=60039b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:44:55:04
        hwaddr 00:0c:29:44:55:04
        inet 192.168.2.95 netmask 0xffffff00 broadcast 192.168.2.255
        inet 192.168.2.25 netmask 0xffffff00 broadcast 192.168.2.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: active
vmx1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=60039b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:44:55:0e
        hwaddr 00:0c:29:44:55:0e
        inet 192.168.1.102 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.200 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: active
vmx2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=60039b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:44:55:18
        hwaddr 00:0c:29:44:55:18
        inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:eb:1f:d8:f6:00
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000



I can ping my router from within the JAIL Plex
I can resolve google.com

1568652353610.png


But what does not work is doing a pkg update

1568652381221.png


Ideas?

Thanks a lot!
 

sretalla

Your problem is this:
defaultrouter:192.168.2.10

You don't route from your FreeNAS NIC, you route from your router (probably defaultrouter:192.168.2.1)

This is also problematic unless you're running DNS on this interface:
resolver:nameserver 192.168.2.10
 

Krautmaster

That's my internet router for all devices, doing DHCP, DNS, Gateway. 192.168.2.10. Local LAN. 192.168.2.1 is unused.
In my Nextcloud DMZ, there is a virtual firewall, spanning 192.168.1.1 as default router.

As my Plex jail, other than nextcloud, should be within the local LAN, I'd say nameserver 192.168.2.10 as well as default gateway same IP should be fine. And this IP is pingable from that new jail. Even google seems to be resolved - but anyhow that package manager could not be installed.

I don't even know if I should really set the Plex jail to use VNET or not. In general the config should be exactly the same as the "nextcloud" jail, only that it is connected to the VMX0 (LAN) instead of VMX1 (DMZ).

That's why I posted both for comparison. Thanks

Edit: No idea if it helps but my FreeNAS LAN VMX0's IP is static as well and 192.168.2.95 as you can see.

So we have

LAN
192.168.2.10 (gateway, router) -> WAN
192.168.2.25 (Plex Jail) -> Problem is here (no internet from Jail)
192.168.2.95 (Freenas itself)
...

DMZ:
192.168.1.1 (Pfsense Firewall) -> DHCP from 192.168.2.10 -> WAN
192.168.1.102 (Freenas DMZ Nic via DHCP)
192.168.1.200 (Nextcloud Jail on Freenas, static)
 

Krautmaster

Damn, I remember. I had the same issue (no internet) on that VMX1 with DMZ and Nextcloud jail as well.

I had to set the default gateway for the FreeNAS server (in Global Network Config) to 192.168.1.1 - even if I normally wanted it to be the normal LAN gateway like for every other device in LAN.

That was the only way I could get that separated subnet to be working with FreeNAS jails (by manually entering the DMZ gateway in the FreeNAS settings). :( Anyhow I guess I am doing something wrong.

It must be possible to have the FreeNAS vmx completely standard in LAN, with IPs listed above and to have the second NIC act for DMZ and several jails to be connected to it.

It's a buggy mess anyway. If I set my default router of the main FreeNAS device testwise to 192.168.2.10, and switch back to 192.168.1.1, the nextcloud jail cannot be reached from DMZ machines. So even undoing that default router stuff breaks the jail network.

1568668477982.png

1568668507741.png

-> that weird DMZ nameserver + gateway and default route (other than 192.168.2.10) was experimentally needed to get the nextcloud jail to work fine in the DMZ months ago.

It would be nice if someone is able to help me with this. How to get this separated VLAN internally working. For my nextcloud jail mainly.
That can't be that hard.

LAN
192.168.2.10 (gateway, router) -> WAN
vmx0 192.168.2.25 (Plex Jail) -> Problem is here (no internet from Jail)
vmx0 192.168.2.95 (Freenas itself)
...

DMZ:
192.168.1.1 (Pfsense Firewall) -> DHCP from 192.168.2.10 -> WAN
vmx1 192.168.1.102 (Freenas DMZ Nic via DHCP or static I dont care. not required at all)
vmx1 192.168.1.200 (Nextcloud Jail on Freenas, static)

That is all I want. With every device being able to use the Internet and the matching servers. If I re-enter the normally wrong default DMZ gateway in FreeNAS again, I need to reboot the whole server and then the Nextcloud jail is fine again to access the web through the DMZ, as it seems to ignore its own default gateway and to use the system setting instead.

My brain tells me I need to work with VNET in this config. At least for the Plex jail as it shares the NIC with FreeNAS itself in LAN. The Nextcloud jail could fully use the vmx1 alone for DMZ. Help would be appreciated.
 

RegularJoe

So I see from your network settings that you have dual NICs, and some of those Intel NICs have a BMC that is shared (Apple Xserve), which creates a TON of issues on the shared port. So bad that with VMware ESXi I had to abandon using the onboard NICs.
 