Networking question

[dtom10]

Hello all!

I'm posed with an issue that i don't know how to resolve in *BSD. Hopefully someone will clear things for me.

Scenario:

Freenas with two network ifaces
One is connected to an internet router on subnet 192.168.0.0/24
The other I've setup to use subnet 192.168.1.0/24

I have the main interface setup on 192.168.0.200 (static ip), all traffic flows through the internet router's switch at the moment (192.168.0.1).

I need to setup two computers on the 192.168.1.0/24 subnet to connect to the internet through my Freenas box.

Essentially the 192.168.1.0/24 subnet traffic that is not destined for this subnet to go to the 192.168.0.1 gateway which is the default.

I want to have traffic going to the Freenas box to flow through the 192.168.1.0/24 iface and traffic with external destinations to be routed to the 192.168.0.1 default gateway.

The web interface does not appear to provide options for a configuration like that so I'm guessing I need to manually configure this type of network routing but I find it hard to figure out how to do it in freenas.

Any help will be much appreciated.

 

[Jailer]

FreeNAS is not a router, it's a storage appliance. Get the right tool for the job; get a router or a managed switch.

 

[dtom10]

I have the router. Problem is that I stumbled on a big issue with it. It's a Virgin Media gigabit router that has the tendency to drop the bandwidth to 100Mbit when you transfer a lot of data for a while. I want to skip the router for local data transfers as I don't care of bandwidth drops over the internet link but I do care when my backup is tenfold slower.

This is easily done with Linux by adding a static route and enabling ip forwarding. I can control the network segment, I'm quite happy to set static ips on my workstations I just need to know how do I set this up on Freenas since FreeBSD docs don't match with the way Freenas sets up networking. I just want to know how I can create a bridge between 192.168.0.0 subnet and 192.168.1.1 or a routing rule. Me thinks this is taken care of by routing rules.

Something along the lines of setting up a bridge on the 192.168.1.0 iface to the 192.168.0.0 iface or a static rule that states the gateway for 192.168.1.1 should be 192.168.0.1 with masquerading.

I maybe wrong in my assumption and I know Freenas is not really a router but it saves me from buying a 10m cat6 cable when I know it can do this.

 

[Jailer]

FreeNAS is a storage appliance. There is nothing in the GUI to do what you want to do. If you try altering the base system you can break things and it will be overwritten the first time you update it.

Get a switch if you want to take the load off the router.

 

[dtom10]

Ok, let me detail a bit the house configuration.

One room hosts the cable router from the ISP and the Freenas HP Microserver Gen8 box. These are linked directly through a Cat6 patch cord. The Microserver has two gigabit ifaces.

10 meters further are said two workstation computers which connect through a Linksys 5 port gigabit switch with the router to get both internet access and Freenas access.

Now, to accomplish what you propose would require to buy another 10m Cat6 cable and run another cable on the same path to the existing one whereas I would prefer to spare me from the hassle of running another cable if I can do this through the Freenas box. From what I see running two cables is easier than configuring Freenas to do this for me.

If the ISPs router would work properly I wouldn't ask this but we can't have nice things so here I am :/

 

[jgreco]

What you're asking for is essentially broken networking, and is going to result in endless hours of misery when things mysteriously break. Go out, get yourself an inexpensive real Ethernet switch, and call it a day. Even relatively feature-ful ones such as the Netgear GS108T which can do vlans, QoS, and all sorts of other fun stuff have been less than $100 for a long time.

 

[dtom10]

What you're asking for is essentially broken networking, and is going to result in endless hours of misery when things mysteriously break. Go out, get yourself an inexpensive real Ethernet switch, and call it a day. Even relatively feature-ful ones such as the Netgear GS108T which can do vlans, QoS, and all sorts of other fun stuff have been less than $100 for a long time.

Cool, you didn't read my previous post. I'll buy another 10m cat6 cable then. Thanks for confirming what I knew already!

 

[depasseg]

No, get a 1 foot cable and connect a new switch to the router. Then connect the freenas and the existing 10m cable (going to the other switch) to that new switch.

 

[dtom10]

Network cable is cheaper. At least in the UK. Can someone detail how I do this in Freenas or do I need to buy support? Is it that hard to do this?

 

[SweetAndLow]

You don't do this in freenas, you get a switch because that is what a switch does.

 

[jgreco]

Cool, you didn't read my previous post.

Of course I read your previous post. The point is that you shouldn't be using the switch inside the CPE.

I'll buy another 10m cat6 cable then. Thanks for confirming what I knew already!

Running cable back and forth is a crappy solution to the problem; I've been at enough customer sites where they've done the "expedient" thing to make things work cheaply that when something breaks, and eventually it gets to be a mess. Sooner or later you end up with a rats nest of cables, rather than just going with a reasonably designed switched network.

It isn't like cheap switches are super expensive.

http://www.bestbuy.com/site/tp-link...gigabit-ethernet-metal-switch-black/2080181.p

$21.

http://www.bestbuy.com/site/tripp-lite-25-rj-45-molded-shielded-cat-6-patch-cable-gray/4428415.p

$20.

 

[nightshade00013]

Jgreco, not to step on your toes but he complained that it was expensive in the UK so I want to make it even simpler. http://www.amazon.co.uk/D-Link-Giga...qid=1458022454&sr=1-3&keywords=gigabit+switch

If they can't afford 10£ then they probably shouldn't have built a fileserver to begin with. Any continued complaint on cost should be eliminated. As far as how to do it, below is a visual representation.

Router
|
|
|
Switch ------------FreeNAS
|
|
|
Switch-------Computer
|
|
|
Computer

If you continue beyond this point to insist on doing it your way you are free to do so but my guess is that continued help will not be available till you do it the accepted way. Ideally it would likely be better to get a better router that will not actu up but in lieu of that what we have put forth will be a way to eliminate the router as a source of issue for transfer on the internal network. On top of that when you have another problem the first thing we will ask you to do is correct any networking deficiencies before we try and help fix another problem.

 

[dtom10]

Ok,

So what you are proposing is to buy a cheap switch to fix the issue when a cheap switch (I'm guessing the ISP is not using the best equipment) was what got me in this predicament in the first place.

I was looking for similar requests from Freenas since i'm not the only or the first one to want to use it as a gateway and found that the reason why it's not supposed to do this in the first place is the jails and the network bridge required to allow them network access.

Anyway. my requirement is simple, 2 ifaces, one sits on the network with the ISP switch (192.168.0.0/24) the other I plan to have it in the 10.0.0.0/24 network to eliminate typos or confusion. Plan is to do NAT between 10.0.0.0 and 192.168.0.0

I was hoping to get a reply from people that did this with Freenas, in spite of all the "Freenas is a storage appliance", "Freenas is not a router" mantras.

 

[jprouvos]

Hi dtom10,

What you're planning to do here with the double NAT is from a networking point of view even worse.

Please do me a favor and have a Google on double NAT. Quickly you'll learn that it is more harm than good..

Rgds.
J.

 

[jgreco]

Jgreco, not to step on your toes but he complained that it was expensive in the UK so I want to make it even simpler.

Ow ow ow....?

So what you are proposing is to buy a cheap switch to fix the issue when a cheap switch (I'm guessing the ISP is not using the best equipment) was what got me in this predicament in the first place.

No. What the ISP provided you with is a cheap piece of $#!+. You already identified the CPE device as a problem, and most of the posters in this thread have probably had that exact sort of experience with CPE at one point or another. Trying to make the NAS do something its designers did not design for is going to break other things. Trying to halfarse your network design with more cabling or more networks is a bad idea.

If the ISPs router would work properly I wouldn't ask this but we can't have nice things so here I am :/

We're showing you how to make the ISP's router "work properly" and how to make it so you have nice things.

 

[anodos]

We're showing you how to make the ISP's router "work properly" and how to make it so you have nice things.

But you're not giving the requested answer!

 

[jgreco]

But you're not giving the requested answer!

Oh well for that just type "natd" at the FreeNAS CLI (getting the proper incantation is an exercise left to the reader).

Or configure the CPE to route 192.168.1.0/24 at 192.168.0.200, set net.inet.ip.forwarding to 1, and do ${something} for DHCP on 192.168.1.0/24.

But really, while I could configure a FreeNAS box to act as a 10G Internet core router with BGP and OSPF protocols in about 15 minutes, the fact of the matter is that it is a bad idea to put the machine in that role, and I'm not really going to help explain to newbies how to put the shell in the shotgun, cock it, and then show them where the trigger is.... Kinda like the virtualization issue, if you have to ask how to do it, your experience level is such that it will come back to screw you pretty quickly. There is no compelling reason that the OP's network situation can't just be fixed the right way.

 

[anodos]

Oh well for that just type "natd" at the FreeNAS CLI (getting the proper incantation is an exercise left to the reader).

Or configure the CPE to route 192.168.1.0/24 at 192.168.0.200, set net.inet.ip.forwarding to 1, and do ${something} for DHCP on 192.168.1.0/24.

But really, while I could configure a FreeNAS box to act as a 10G Internet core router with BGP and OSPF protocols in about 15 minutes, the fact of the matter is that it is a bad idea to put the machine in that role, and I'm not really going to help explain to newbies how to put the shell in the shotgun, cock it, and then show them where the trigger is.... Kinda like the virtualization issue, if you have to ask how to do it, your experience level is such that it will come back to screw you pretty quickly. There is no compelling reason that the OP's network situation can't just be fixed the right way.

I was going to just recommend that he use bi-directional audiophile cat6a cables. :)

 

[jprouvos]

Oh well for that just type "natd" at the FreeNAS CLI (getting the proper incantation is an exercise left to the reader).

Or configure the CPE to route 192.168.1.0/24 at 192.168.0.200, set net.inet.ip.forwarding to 1, and do ${something} for DHCP on 192.168.1.0/24.

But really, while I could configure a FreeNAS box to act as a 10G Internet core router with BGP and OSPF protocols in about 15 minutes, the fact of the matter is that it is a bad idea to put the machine in that role, and I'm not really going to help explain to newbies how to put the shell in the shotgun, cock it, and then show them where the trigger is.... Kinda like the virtualization issue, if you have to ask how to do it, your experience level is such that it will come back to screw you pretty quickly. There is no compelling reason that the OP's network situation can't just be fixed the right way.

A 10G internet core router with storage and jails on top. Sounds like a good place to build a cache :D

 

[jgreco]

A 10G internet core router with storage and jails on top. Sounds like a good place to build a cache :D

With a little luck in a few years FreeNAS will be the basis of a nicely converged computing platform for virtual machines and storage.