SOLVED Jail VNET Bug? Cannot communicate outside

[bigops]

I have been trying to create a Jail with a network segment different from the default network segment. My network looks like this

The issue that I am facing is that the Jail cannot communicate anywhere outside. It can ping its own IP address but nothing else. What I have noticed is that the vnet0 associated with the Jail nic epair0b is assigned the interface oce0 whereas it should ideally be assigned em0 which is connected to the DMZ switch. I have found no configuration which will force epair0b to use the em0 interface. Due to this the Jail is practically useless. Does anyone have any suggestion what should be the configuration for this to work. I have already tried adding vnet0.bridge13 to the interfaces in network properties and set the default interface for the Vnet to none as suggested elsewhere.

 

[Patrick M. Hausen]

• change vnet_default_interface from "auto" to "none"
• set Network Properties > interfaces to "vnet0:bridge13"

in your jail settings. The latter is where you can explicitly set which interface to use. Make sure to disable hardware offloading for em0.

 

[bigops]

Hi Patrick, thanks for the response. Unfortunately that does not work. The Interface still tries to attach itself to the 10Gig Internal interface. Here are some screenshots

From within the Jail Shows the wrong interface

The configs are exactly as suggested

What am I missing or this a major bug?

 

[Patrick M. Hausen]

I have half a dozen of jails configured like that and can assure you it works. And the media type inside the jail is irrelevant. epair is a virtual interface that will always be displayed as "10 G".

As you can see from the ifconfig output outside the jail, the vnet0.1 is associated with the jail "Test" and a member of bridge13. As is em0. So all is well.

Did you disable hardware offloading for em0? This is mandatory. And afterwards please reboot the whole system once. The jail connections tend to "hang" when changing the network configuration of the host system for some reason. You can of course add and remove, start and stop jails, but any change to the host networking seems to mess up the subsystem enough it needs a clean reboot.

Last, one favour: please do not post screenshots for command output. How can I copy&paste from that? Use SSH for all command line interaction and copy and paste text. In code tags like this:

Code:

This is inside code tags

 

[bigops]

Thanks Patrick. I just verified the hardware offload and rebooted the system and everything seems to work magically . So I think the hardware offload setting could have been the issue.

Thanks for all your help. I had been on this issue for more than 8 hrs now and it is a relief to have finally put it to rest.

 

[der_Chris]

Thank you Patrick.
I am searching since a few Days for a fix of my connection. In the best case I was able to ping from truenas to my jail and from my jail to my truenas server.
I was looking at a lot of threads with replies from you in (almost) all threads.
Best thing of thinks not working is: You get to learn a lot about the system.

In my case the Hardware Offloading was also the problem or at least part of the problem.