No network access from FreeNAS 9.10 jail inside Hyper-V

[Revilo]

Set-up is as follows:
ASUS P9X79
i7-3930k
24Gb DDR3 RAM
1GBps Intel 82579v NIC

- Windows 2012 R2 with Hyper-v role installed
- External virtual switch sharing internet connection with physical NIC
- Virtual switch IPv4 settings (static): Address - 192.168.1.15, Mask - 255.255.255.0, Gateway - 192.168.1.1, DNS1 - 192.168.1.22, DNS2 - 8.8.8.8
- FreeNAS 9.10.1-U2 fresh install inside VM using the above virtual switch

Virtual Machine:
4 vCPU
8192MB RAM fixed
IDE controller 1 = FreeNAS boot drive (8gb)
IDE controller 2 = 2TB physical drive

Physical machine = Internet & network access okay
Hyper-v FreeNAS = webgui accessible @ 192.168.1.87, can ping network devices and access internet
jails (plugin, standard etc.) = can ping FreeNAS host @ 192.168.1.87 but nothing else

I have got my current freenas server running dnsmasq in a jail and that has been running fine for 2 or more years on a separate machine.
- this server has a lease range from 192.168.1.35 - 192.168.1.200 and the DNS address is 192.168.1.22

I have made sure that the ip's I give the jails are outside of the above range when making them static in the new freenas system.

Initially I just copied the settings I had on the old system and duplicated it to the new system, fully expecting it to work as the original setup has been great.

I tried the following to resolve the problem:
- checked resolv.conf in the jails match the one in the freenas host
- turned off windows firewall
- set static ip and dns in freenas
- set default gateway in jails
- made jail use DHCP (this stops the jail even talking to the freenas host)

running ifconfig on jail:

Code:

root@test1:/ # ifconfig																											
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384																
		options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>																	
		inet6 ::1 prefixlen 128																									
		inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1																				
		inet 127.0.0.1 netmask 0xff000000																						
		nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>																				
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500													
		options=8<VLAN_MTU>																										
		ether <hidden>
		inet 192.168.1.207 netmask 0xffffff00 broadcast 192.168.1.255															
		inet6 fe80::7476:d5ff:fe65:4d62%epair0b prefixlen 64 scopeid 0x2															
		nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>																	
		media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)																		
		status: active

running netstat -rn in jail:

Code:

root@test1:/ # netstat -rn																										
Routing tables																													
																																	
Internet:																														
Destination		Gateway			Flags	  Netif Expire																	
127.0.0.1		  link#1			 UH		  lo0																			
192.168.1.0/24	 link#2			 U	   epair0b																			
192.168.1.207	  link#2			 UHS		 lo0																			
																																	
Internet6:																														
Destination					   Gateway					   Flags	  Netif Expire											
::/96							 ::1						   UGRS		lo0													
::1							   link#1						UH		  lo0													
::ffff:0.0.0.0/96				 ::1						   UGRS		lo0													
fe80::/10						 ::1						   UGRS		lo0													
fe80::%lo0/64					 link#1						U		   lo0													
fe80::1%lo0					   link#1						UHS		 lo0													
fe80::%epair0b/64				 link#2						U	   epair0b													
fe80::7476:d5ff:fe65:4d62%epair0b link#2						UHS		 lo0													
ff01::%lo0/32					 ::1						   U		   lo0													
ff01::%epair0b/32				 fe80::7476:d5ff:fe65:4d62%epair0b U	   epair0b												
ff02::/16						 ::1						   UGRS		lo0													
ff02::%lo0/32					 ::1						   U		   lo0													
ff02::%epair0b/32				 fe80::7476:d5ff:fe65:4d62%epair0b U	   epair0b

Code:

root@test1:/ # cat /etc/resolv.conf																								
search home																														
nameserver 192.168.1.22																											
nameserver 8.8.8.8																												
nameserver 8.8.4.4

ping freenas host from jail:

Code:

root@test1:/ # ping 192.168.1.87																									
PING 192.168.1.87 (192.168.1.87): 56 data bytes																					
64 bytes from 192.168.1.87: icmp_seq=0 ttl=64 time=0.214 ms																		
64 bytes from 192.168.1.87: icmp_seq=1 ttl=64 time=0.221 ms

ping router from inside jail:

Code:

root@test1:/ # ping 192.168.1.1												
PING 192.168.1.1 (192.168.1.1): 56 data bytes								 
ping: sendto: Host is down

 

[m0nkey_]

First of all, HyperV isn't the best choice of hypervisor to run FreeNAS on. There are a few issues. If you want to virtualize, use VMware ESXi.

As for the jails, whatever virtual NIC or switch it's connected to must be put in promiscuous mode in order for jails to operate.

 

[Revilo]

Than you @m0nkey_ for your reply, it lead me in the right direction however the problem wasn't (in my case) to do with enabling promiscuous mode...

After (literally) days of trial and error I found out all I had to do was 'Enable MAC Address Spoofing':

1. Go to the FreeNAS VM settings in Hyper-V Manager
2. Navigate to the Network adapter (NB I have the normal 'External' adapter, not the legacy one)
3. Go to 'Advanced Features' and select 'Enable MAC Address Spoofing' option.

A few other points on configuration:

• My virtual switch is an 'External' and is bound to the physical machines NIC i.e. 'Allow management operating system to share this network adapter'
• The physical NIC/Server has a static IP and DNS setup (though I dont think you would need this to be set for it to work)
• Each jail has a static IP address assigned outside of the DHCP range to avoid conflicts
• The jails resolv.conf reflects my home network configuration... check that the /etc/resolv.conf in each jail matches the one in the main freenas system
• The jails have a default gateway set and NAT is NOT checked in the jail settings dialogue box that pops up in the 'Jails' tab on the freenas WebGUI

I hope this helps someone out, Thanks!