Multiple Nic

BlueScreenTT

Explorer
Joined
Mar 26, 2018
Messages
69
Hi

I posted some time ago about this problem and basically got shot down :) because I was doing it wrong (multiple NICs on the same subnet).
So now I have changed the whole network setup.

PFSense box.
all running on bce1

Lan 192.168.90.0/24
VLAN: Guests 192.168.10.0/24
VLAN: Media 192.168.20.0/24
VLAN: IOT 192.168.30.0/24
VLAN: Surveillance 192.168.40.0/24
VLAN: Kidsphones 192.168.50.0/24
VLAN: DMZ 192.168.100.0/24

Firewall rules are set so that no VLAN can access another VLAN or LAN.
LAN can access all VLANs.

Freenas
Static IP
igb0: 192.168.90.10/24 / LAN
igb1: 192.168.40.10/24 / Surveillance / storage for Camera
igb2: 192.168.20.10/24 / Media for Plex and other media streaming
igb3: 192.168.100.5/24 / DMZ for my webservers

How do I set up multiple gateways and DNS in FreeNAS so that I can actually get the traffic to route/work?
Can I use 192.168.90.1; 192.168.40.1; 192.168.20.1 and so on in the global config?
Or is the solution static routing? And if so, how?

Or am I still doing this wrong?

\\ BlueScreenTT aka Thomas
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
There's no such thing as "multiple gateways." There's a whole bunch of stupid out there that says I'm wrong, but generally speaking, I'm not.

You point the DNS server entries at your DNS server and that just magically works because you've got your DNS server set up to serve up names for all the things you want. In a small setup, this likely handles both recursion lookups and authoritative naming.

You have two general options for access to other subnets.

You may place an interface for your FreeNAS on each subnet, which is fine, except that if you're expecting to access it as "freenas.your.domain" then you might not get quite the behaviour you're expecting, as client traffic will need to cross your pfSense box. Return traffic can happen directly on the subnet in question. The way to make that better is to use a local name on each subnet, use an IP address, or some other method to make clients on that subnet go to the FreeNAS address on that subnet. This has always been an ugly aspect to IPv4 and DNS.

You may also run most subnets through your pfSense to reach your FreeNAS. This can have performance implications but is very clean on the IP networking side of things.

The idea of "multiple gateways" is broken from the start. In what case would the NAS use something other than its default gateway, or a specific route (connected, static, whatever)? You can only have one way to reach any given IP address. You can do stuff like CARP/VRRP to gain high availability of a gateway, or several routers that connect specific subnets, but IP routing information needs to be complete and unambiguous.
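
Added example, not part of any post in this thread: a small route-lookup model of the FreeNAS box from the first post, showing that one default route plus the connected routes already gives an unambiguous path to every destination, and that a client reaching the NAS by its address on another subnet gets the asymmetric path described above. Using 192.168.90.1 as the default gateway and the client addresses are assumptions.

```python
import ipaddress

# Constructed from the addresses in the first post: FreeNAS interfaces.
INTERFACES = {
    "igb0": "192.168.90.10/24",   # LAN
    "igb1": "192.168.40.10/24",   # Surveillance
    "igb2": "192.168.20.10/24",   # Media
    "igb3": "192.168.100.5/24",   # DMZ
}
DEFAULT_GATEWAY = "192.168.90.1"  # assumption: pfSense's LAN address is the one default route


def build_routes(interfaces, default_gw):
    """Connected route per interface plus exactly one default route."""
    routes = [(ipaddress.ip_interface(cidr).network, None, name)
              for name, cidr in interfaces.items()]
    gw = ipaddress.ip_address(default_gw)
    # The gateway itself must be on-link, otherwise the default route is unusable.
    out_if = next(name for net, _, name in routes if gw in net)
    routes.append((ipaddress.ip_network("0.0.0.0/0"), gw, out_if))
    return routes


def lookup(routes, dst):
    """Longest-prefix match. Returns (next_hop, interface); next_hop None means on-link."""
    dst = ipaddress.ip_address(dst)
    _, gw, ifname = max((r for r in routes if dst in r[0]),
                        key=lambda r: r[0].prefixlen)
    return gw, ifname


def path_symmetry(routes, interfaces, client, nas_addr):
    """Interface the request arrives on vs. interface the reply leaves by."""
    # A request addressed to nas_addr is delivered on the subnet that owns that address
    # (via pfSense when the client sits on a different subnet).
    arrive = next(name for name, cidr in interfaces.items()
                  if ipaddress.ip_interface(cidr).ip == ipaddress.ip_address(nas_addr))
    _, reply_if = lookup(routes, client)
    return arrive, reply_if, arrive == reply_if


if __name__ == "__main__":
    routes = build_routes(INTERFACES, DEFAULT_GATEWAY)
    for dst in ("192.168.20.50", "192.168.10.25", "203.0.113.7"):  # constructed hosts
        print(dst, "->", lookup(routes, dst))
    print(path_symmetry(routes, INTERFACES, "192.168.20.50", "192.168.90.10"))
    print(path_symmetry(routes, INTERFACES, "192.168.20.50", "192.168.20.10"))
```

In the asymmetric case the request crosses pfSense but the reply leaves directly on igb2, so the firewall sees only one direction of the flow.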
 
Joined
Dec 29, 2014
Messages
1,135
It would be easier to comment on a solution if you would describe what you are trying to accomplish with the multiple vlan setup, and why you went that way.
 

BlueScreenTT

Explorer
Joined
Mar 26, 2018
Messages
69
I want to lock out the kids, IOT, Guests and everything else from my main LAN,
but my FreeNAS is on my main LAN, and FreeNAS runs plugins I need on the different physical LANs and VLANs.

Plex I want to run on Vlan30/media.

My mailserver is running on DMZ (dedicated NIC and dedicated port on pfSense) so no problem there.

My problem is the jails I want on different VLANs or dedicated NICs for physical separation.
 

BlueScreenTT

Explorer
Joined
Mar 26, 2018
Messages
69
I am so sick and tired of this shit.
Don't know if I am too stupid to understand it, but WTF.
I got everything working and it was working for a month:
FreeNAS and jails on the 192.168.110.0 net and one VM on the 192.168.90.0 net on a dedicated NIC.

After the latest update all the jails bind to the 192.168.90.0 NIC and now I can't get it back to 192.168.110.0, aarrgghh. Any tips?
 