Jail on dedicated network

mpfusion

Contributor
Joined
Jan 6, 2014
Messages
198
I tried every combination that made sense to me. Doesn't work. Still using the wrong interface em0 instead of em1. Maybe someone with a working configuration can chime in and let me know what to configure. I'm running out of ideas. A simple jail setup, how hard can it be?!
 

millst

Contributor
Joined
Feb 2, 2015
Messages
141
Neither the jail nor system need to be started/stopped to make changes with ifconfig.

The proper config is a bridge with the physical interface and jail interface. You also need to have sensible IP settings for everything. I know this works, I have jails working with VNET.

I know you had raw sockets on in the original post, but that doesn't mean it didn't get [inadvertently] changed at some point. It's easy to transpose a digit or some other error. You could use something like curl/wget to check a web site. A simpler tool, host would check DNS resolution.

Are you positive your router is setup correctly? You could verify that by temporarily changing FreeNAS to use the network setup for your jail. Maybe better, configure a laptop or something else so that you're not mucking the NAS up.

You probably would have been better off using em0 for your jails and em1 for your NAS. From my experience iocage likes to automatically create bridge0 and dump the first NIC in it.
 

mpfusion

Contributor
Joined
Jan 6, 2014
Messages
198
Sucess: I've got network connection from the jail. I can grab web pages. However, ping on the internet doens't work. Ping on the same subnet works.

Maybe it's a router issue, although I've specifically enabled ICMP and it works for all other subnets. That's why I expected the jail config. I can't change router settings now (remotely over the network). Will check when I have local access again. I'm finally getting there. Need to figure out why TCP works and ICMP fails.

Thanks for your support so far.
 

mpfusion

Contributor
Joined
Jan 6, 2014
Messages
198
Final update: It works now. The problem was a router misconfiguration on my part. Thanks a lot for the support @millst.
 

Krautmaster

Explorer
Joined
Apr 10, 2017
Messages
81
plz share your solution more detailled. Facing the same issue.

I want to have my own DMZ while the jail is inside the dmz and freenas itself outside.
 

mpfusion

Contributor
Joined
Jan 6, 2014
Messages
198
plz share your solution more detailled.

I settled for this configuration which works for me:

Code:
em0: 10.0.11.15  - main interface
em1: 10.0.91.15  - DMZ

Release: 11.2-RELEASE-p8
VNET: checked
IPv4 Interface: vnet0
IPv4 Address: 10.0.91.100
IPv4 Netmask: 24
IPv4 Default Router: 10.0.91.10
allow.raw_sockets: checked
vnet_interfaces: unchecked
interfaces: vnet0:bridge0
resolver: nameserver 10.0.91.10
vnet_default_interface: em1

No tunables
 
Top