Hey, thanks for this interesting thread. I'd also like to configure a jail in my FreeNAS installation to have two logical interfaces. You guys seem to have done it with the config-snippets given above. My question to you: Has anybody done this by using VLAN-interfaces as the source-interface which is to be connected to the jail?
In my installation, I use a lagg0-interface with two physical interfaces. One logical network is untagged (it's the network the main FreeNAS is on), the other is tagged. I added the VLAN-id via the GUI, and for tests I configured an IP in the range of the VLAN (also via the GUI). This works perfectly, and I can connect to other systems in the VLAN back and forth by using the new IP. So the basic connectivity, dot1q-tagging etc. from FreeNAS works fine.
The next logical step is to connect this working VLAN (tag=50) to the jail.
Code:
# jail-pre-start
ifconfig bridge50 create ## set bridgeN as you need
ifconfig bridge50 up
ifconfig epair50 create ## set epairN as you need
ifconfig bridge50 addm epair50a addm vlan50 ## Change em1 to your NIC name from ifconfig
ifconfig epair50a up
# jail-post-start
ifconfig epair50b vnet "${JAILNAME}"
#jexec "${JAILNAME}" ifconfig epair50b up
jexec "${JAILNAME}" ifconfig epair50b inet 192.168.50.11 netmask 255.255.255.0 up
In the host I see now these interfaces (selection):
Code:
vlan50: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=303<RXCSUM,TXCSUM,TSO4,TSO6>
        ether d0:50:99:2d:fc:aa
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: active
        vlan: 50 parent interface: lagg0
bridge50: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:ac:b5:e2:f4:32
        nd6 options=1<PERFORMNUD>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vlan50 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 55
        member: epair50a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000
epair50a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:ff:20:00:09:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
In the jail, I see these interfaces:
Code:
epair1b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:ff:70:00:0c:0b
        inet 172.22.2.32 netmask 0xffffff00 broadcast 172.22.2.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
epair50b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:ff:70:00:0a:0b
        inet 192.168.50.11 netmask 0xffffff00 broadcast 192.168.50.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
The upper interface epair1b is the one configured via the FreeNAS-GUI, and connects to lagg0 directly (untagged). epair50b is configured by the config-snippets above, and connects to vlan50 (which physically also uses lagg0, tagged). For a reason I don't understand, the upper interface works, while the lower does not. When I ping from the jail, I don't even see tagged ARP-packets going out lagg0. If I do it from the host (FreeNAS), I see the packets, and everything works. So it is the stitching between the vlan-interface and jail via the bridge, which doesn't work. Any ideas?
Thanks,
airflow
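
A host-side check for a setup like the one in this post, added here as an example and not part of the original post: it reads `ifconfig` output and lists every bridge member whose own interface line lacks the `UP` flag (in the host listing above, `vlan50` shows `flags=8942` without `UP`, while `bridge50` and `epair50a` carry it). The function names and the abridged sample text are constructed for this example.

```shell
#!/bin/sh
# Added example: list bridge members whose own interface lacks the UP flag.
# Reads ifconfig output on stdin, prints "<bridge> <member>" per finding.
bridge_members_not_up() {
    awk '
    # Interface header, e.g. "vlan50: flags=8942<BROADCAST,RUNNING,...> metric 0"
    /^[A-Za-z0-9_.]+: flags=/ {
        cur = $1; sub(/:$/, "", cur)
        f = $2; sub(/^[^<]*</, "", f); sub(/>.*$/, "", f)
        up[cur] = (("," f ",") ~ /,UP,/)   # 1 if UP is among the flag names
        next
    }
    # Bridge member line, e.g. "member: vlan50 flags=143<LEARNING,...>"
    $1 == "member:" { pairs[++n] = cur " " $2 }
    END {
        # Judge only members that also appear as interfaces in the input
        for (i = 1; i <= n; i++) {
            split(pairs[i], p, " ")
            if ((p[2] in up) && !up[p[2]]) print pairs[i]
        }
    }'
}

# Constructed sample, abridged from the host listing in the post
sample_ifconfig() {
    cat <<'EOF'
vlan50: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 50 parent interface: lagg0
bridge50: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: vlan50 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: epair50a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
epair50a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
EOF
}

sample_ifconfig | bridge_members_not_up   # prints: bridge50 vlan50
```

On the host itself, pipe the live listing into the function with `ifconfig | bridge_members_not_up`; members that have been moved into a jail do not appear in the host listing and are skipped.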