
SOLVED Jails and Different Subnets

#1
Hi Folks - Maybe I had a bad night's sleep on this one...

I've been going through the documentation, Google university, etc. but I can't seem to figure this out:

I have a couple of subnets (one for trusted wired clients, one for trusted WiFi clients) that are separate from my server subnet (192.168.25.0/24, 192.168.30.0/24 and 192.168.20.0/24, respectively). I have four NICs in my server (igb0, igb1, igb2, igb3) and the "main" FreeNAS interface is using igb0 (192.168.20.170). I have igb2 on the 192.168.25.0 network and igb3 on the 192.168.30.0 network. The goal is to make a jail for the miniDLNA server to, err..., serve movies to the wired and WiFi subnets. (I have IGMP proxy working on the pfSense box but I really don't like having it that open.)

A couple of questions:
1. Do I have to have a FreeNAS IP on igb2 and igb3? I tried this and I started having weird problems with the admin web interface losing connections, ssh connections into FreeNAS dropping, etc.
2. (Really an extension of question 1) Do I just put the wired and WiFi IPs directly on the jail?
3. Do I have to add the second subnet to the jail via the command line? If so, where are the files? The examples I have found note .MyJail.meta, etc. files that don't seem to exist for FreeNAS-11.2-U5.

Thanks!

*** Edit ***
I tried adding an IP to the jail (e.g., 192.168.25.253) and found that I could actually ssh into the FreeNAS box on that IP. If I look at FreeNAS' networking Global Configuration information I see igb0 (and 192.168.20.17) and nothing else. However, if I check the Networking Summary information I see the jail's IP. I am obviously missing something obvious here :-(
 
#2
I've made some progress. I have the jail bound to the second NIC using @Rilo Ravestein's instructions. However, when I go to add the second interface using the instructions on the config page for the jail it will not work.

Instructions are:
Code:
Configure IPv4 networking or internet access for the jail. Enter the IPv4 address for VNET(9) and shared IP jails.
Single interface format: [interface|]IP-address[/netmask].
Example: vnet2|192.168.0.15/24
Multiple interface format: [interface|]IP-address[/netmask],[interface|]IP-address[/netmask].
Example: 192.168.0.10/24,vnet3|192.168.10.50


However, this will not work. Even just using anything other than the IP address is not accepted (i.e., vnet0|192.168.25.253).

Suggestions?
 
#3
Okay - I figured this out.
To do this I needed to add some system tunables to rc.conf:
Code:
# add bridges for the .25.0/24 and .30.0/24 networks
cloned_interfaces: bridge25 bridge30
# add igb2 to bridge25
ifconfig_bridge25: addm igb2 up
# add igb3 to bridge30
ifconfig_bridge30: addm igb3 up
# turn on igb2
ifconfig_igb2: up
# turn on igb3
ifconfig_igb3: up


Once that is done I created the jail via the command line:
Code:
iocage create -n "MiniDLNA_Server" -r 11.2-RELEASE \
vnet="on" ip4_addr="vnet0|192.168.25.253/24,vnet1|192.168.30.253/24" \
defaultrouter="192.168.25.254 192.168.30.254" vnet="on" \
allow_raw_sockets="1" boot="on" \
interfaces="vnet0:bridge25,vnet1:bridge30" \
resolver="search pelleys.com;domain pelleys.com;nameserver 192.168.20.254"


Of note, defaultrouter needs a space and not a comma between the gateways.
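
Added example (not part of the thread and not iocage's own code): a small Python lint for the network values passed to `iocage create` in post #3, following the `ip4_addr` format quoted in post #2. The function names and the keep-out check against the server subnet from post #1 are assumptions made for illustration.

```python
import ipaddress

def parse_ip4_addr(value):
    """Split '[interface|]IP[/netmask],...' into (iface, IPv4Interface, has_mask)."""
    out = []
    for item in value.split(","):
        iface, sep, addr = item.strip().rpartition("|")
        out.append((iface if sep else None, ipaddress.ip_interface(addr), "/" in addr))
    return out

def parse_interfaces(value):
    """Split 'vnet0:bridge25,vnet1:bridge30' into {'vnet0': 'bridge25', ...}."""
    return dict(pair.strip().split(":", 1) for pair in value.split(","))

def lint_jail_net(ip4_addr, interfaces, defaultrouter, keep_out=()):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    bridges = parse_interfaces(interfaces)
    keep_out = [ipaddress.ip_network(n) for n in keep_out]
    nets = []
    for iface, addr, has_mask in parse_ip4_addr(ip4_addr):
        if iface is None:
            findings.append(f"{addr.ip}: no interface prefix")
        elif iface not in bridges:
            findings.append(f"{addr.ip}: {iface} has no bridge in interfaces=")
        if not has_mask:
            findings.append(f"{addr.ip}: no netmask given")
        else:
            nets.append(addr.network)
        findings += [f"{addr.ip}: inside keep-out subnet {n}" for n in keep_out if addr.ip in n]
    if "," in defaultrouter:
        findings.append("defaultrouter: gateways are comma-separated, the post uses spaces")
    for gw in defaultrouter.replace(",", " ").split():
        if not any(ipaddress.ip_address(gw) in n for n in nets):
            findings.append(f"{gw}: gateway is not on any jail subnet")
    return findings

# Values from post #3; the keep-out list (server subnet from post #1) is an assumption.
POSTED = dict(
    ip4_addr="vnet0|192.168.25.253/24,vnet1|192.168.30.253/24",
    interfaces="vnet0:bridge25,vnet1:bridge30",
    defaultrouter="192.168.25.254 192.168.30.254",
    keep_out=["192.168.20.0/24"],
)

if __name__ == "__main__":
    for line in lint_jail_net(**POSTED) or ["no findings"]:
        print(line)
```
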