Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Network bridging to access two FreeNAS GUIs with 1 cable

Joined
Oct 18, 2018
Messages
477
Thanks
222
#1
Apologies if this has been answered before. I've done some searching and found several posts discussing bridging but didn't see anything about my specific use case and I wanted to get a bit of advice/guidance before I set it up.

I have two FreeNAS machines running currently, my primary and my backup which receives replication data from the primary. Both machines have 2x1Gb ports and 2x10Gb ports. I used 1 of the 10Gb ports on each to set up replication and 1 of the 1Gb ports each to wire directly to the rest of my network thus giving me GUI access to both machines.

Due to some rearranging I'm in a situation where it would be extremely ideal to only have a single network cable running from my router to my FreeNAS machines. Replication is working as before because the machines were directly connected and required no additional router etc. However, because I have only a single cable connecting to servers to the rest of the house without some solution I currently have access to only 1 GUI at a time.

Am I correct in believing that I can use network bridging to give me access to both machines using only the single cable running from my router to the primary machine on 1 1Gb port bridged with a second network port leading to my backup nas?

Code:
router
|
\ igb0 |
       | bridge0
/ igb1 |              Primary
|
|  cxl0 (10Gb)
|  ||
|  ||  -------------------
|  ||
|  cxl0 (10Gb)
|                      Backup
\ igb0


From looking at the FreeBSD docs on this topic I believe that I could do something like the following

Code:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm igb0 addm igb1 up"
ifconfig_igb0="up"
ifconfig_igb1="up"
ifconfig_bridge0="inet 192.168.0.1/24" #or whatever IP my primary server should be accessed at


Is the above correct? And if so, can I just set those each as tunables for rc.config under System->Tunables? I assume order matters there and that it goes top-to-bottom?

The ifconfig_bridge0="inet 192.168.0.1/24" line comes from the following statement in the FreeBSD documentation
If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces. The address can be set statically or via DHCP. This example sets a static IP address:
The above leads me to believe that without ifconfig_bridge0="inet 192.168.0.1/24" I would no longer have access to my primary machine via igb0.
 
Last edited:
Joined
Oct 18, 2018
Messages
477
Thanks
222
#3

HoneyBadger

Mushroom! Mushroom!
Joined
Feb 6, 2014
Messages
1,969
Thanks
655
#4
Perhaps, but if I can save $15 by using a bridge with hardware I've already got I'd rather do that.
Corollary: Your time has value, and I wager it would take more than $15 of "your time" to achieve the same results, while also making the management of the second system dependent on the bridge always being up. ;)
 
Joined
Oct 18, 2018
Messages
477
Thanks
222
#5
Corollary: Your time has value, and I wager it would take more than $15 of "your time" to achieve the same results, while also making the management of the second system dependent on the bridge always being up.
Rebuttal: learning has value to me as well and so does tinkering with the system. :) I'm sure someone around here has the appropriate expertise. ;)
 
Joined
Oct 18, 2018
Messages
477
Thanks
222
#6
I went ahead and took the risk and gave it a shot. I used the following commands
Code:
$ ifconfig bridge
$ ifconfig bridge0 addm igb0 addm igb1 up
$ ifconfig igb0 up
$ ifconfig igb1 up
$ ifconfig bridge0 inet 192.168.1.2/24 # Matches the IP I typically reach my primary server at via igb0

After running this I noticed that ifconfig bridge0 didn't list both igb0 and igb1 and I still didn't have access to the second server so I ran ifconfig bridge0 addm igb1 again and viola, it worked. I can now access my backup machine at the typical IP using the cabling described above.

My router does report 2 devices at 192.168.1.2, one is described as a bridge and the other described as the freenas server as it was prior to adding the bridge. Anyone have more information on what this is about and whether it is problematic? I wouldn't have expected the IP to appear twice.

I'm considering now adding a script like the following to make this setup automatic on startup.
 

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,260
Thanks
321
#7
Bridge interfaces don't need IP addresses.

I'm considering now adding a script like the following to make this setup automatic on startup.
You don't need that. Do it with tunables. (since your interfaces are available at boot time, not being jails or other special software interfaces)

Type rc
ifconfig_bridge0
addm igb0 addm igb1 up

You may need another one for
cloned_interfaces
bridge0
 
Joined
Oct 18, 2018
Messages
477
Thanks
222
#8
Bridge interfaces don't need IP addresses.
Could you expand a bit on this? What was the documentation referring to when it said if the bridge host needs an IP? In what cases would you need an IP for the bridge?
 

HoneyBadger

Mushroom! Mushroom!
Joined
Feb 6, 2014
Messages
1,969
Thanks
655
#9
Could you expand a bit on this? What was the documentation referring to when it said if the bridge host needs an IP? In what cases would you need an IP for the bridge?
The bridge host (the host serving the bridge device) needs an IP, but the bridge itself is a Layer 2 device and as such will only have a MAC address.

Edit: "If the bridge host needs an IP address then the correct place to set this is on the bridge interface itself rather than one of the member interfaces." That would mean to remove the IP from your igb0 interface and set it on the bridge device instead.
 

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,260
Thanks
321
#10
What was the documentation referring to when it said if the bridge host needs an IP?
The FreeNAS server (I guess it already has one or you won't be using it as a bridge... nor anything else).

as mentioned by @HoneyBadger, only needed when the bridging device has no other interfaces than the bridge interface itself (like a simple switching device).
 
Joined
Oct 18, 2018
Messages
477
Thanks
222
#11
@sretalla I started to write that I don't follow and began to try to describe my confusion, but I think after some time looking over what I'd written I may sort of understand. Is the following correct? I'll admit though I'm new to networking so perhaps there is some assumed knowledge I'm lacking which makes it hard for me to follow.

For argument's sake, imagineI have 3x 2Gb NICs and I created a bridge out of igb0 and igb1 and did not plug anything into igb2, did not include igb2 in bridge0, and did not set an IP address on bridge0 via ipconfig bridge0 inet 1.2.3.4/24. Is it true that I would have access to any devices connected via igb0 or igb1 but would not have access to the host machine itself unless I connected via igb2?
Code:
# Physical Layer
 _____________
| Host Server |
|.............|
|    bridge0  |
|         igb0|=----=Router
|         igb1|=----=Backup Server
|.............|
|         igb2|
|_____________|

# L2
Backup Server=------=bridge0=-----Router
Primary Server=


If I define the IP address on bridge0, would it be fair to say that this is as if another imaginary interface is created which it connects to the host machine, giving it access to the L2 network?

Code:
# Physical Layer
 _____________
| Host Server |
|.............|
| bridge w/IP |
|         igb0|=----=Router
|         igb1|=----=Backup Server
|.............|
|         igb2|
|_____________|

# L2
Backup Server=------=bridge0=-----Router
Primary Server=--------//


I've also come across answers like this one and this other one on stack exchange sites which suggest that this may be at least on the right track.
 

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,260
Thanks
321
#12
You mostly seem to get it... the access to the FreeNAS host is more about the bindings you do in the FreeNAS config... if you bind SMB to an IP, bridge a jail to a NIC, etc.

The GUI is automatically set to bind to 0.0.0.0 on all interfaces, so you would still be able to get to the GUI form any NIC at least until you change that to specify only the address of igb2.
 
Joined
Oct 18, 2018
Messages
477
Thanks
222
#13
The GUI is automatically set to bind to 0.0.0.0 on all interfaces, so you would still be able to get to the GUI form any NIC at least until you change that to specify only the address of igb2.
Are you saying that in the above example where the only physical route between my laptop and the FreeNAS server is via my router to igb0 and that I can still access the GUI regardless of whether I've set an IP address on the bridge? If so, how would my request for the FreeNAS GUI by IP address be resolved by the bridge to forward traffic to the host machine itself? The GUI may be listening on all interfaces, but wouldn't the bridge need to be configured to send the data to the host machine in the first place rather than out igb1, say?
 

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,260
Thanks
321
#14
I see what you mean... if the subnet you connect a NIC to is routable, you can get to it, clearly if it isn't FreeNAS won't just pick up packets off one network and move them to another one (routing... or in that case some kind of proactive routing) unless you configured it to do so.

That is sort of what a bridge does though... it's layer 2 stuff, so will just take whatever is on one side of the bridge and pass it over to the other side, not caring about addresses (which are layer 3).
 

sretalla

FreeNAS Expert
Joined
Jan 1, 2016
Messages
1,260
Thanks
321
#15
Top