Krautmaster (Explorer, joined Apr 10, 2017, 81 messages)
Dear all,
I know this has been solved several times but there was no reasonable and working solution so far for me.
Some Information:
-> Xeon D Board, HyperV Host, FreeNAS-11.2-U5 VM, 2 nic (hn0 / hn1)
-> Local subnet 192.168.2.0/24 -> gateway / nameserver 192.168.2.10
-> DMZ subnet 192.168.1.0/24 -> gateway / nameserver 192.168.1.1
hn0 is connected to LAN
hn1 is connected to DMZ
Other VMs can access the web from the DMZ without any issue.
I currently did a jail for nextcloud. That jail was installed with hn1 connected to LAN = 192.168.2.* subnet, for easier testing purposes.
Now I tried to switch it over to the DMZ. It's pretty weird that it's working in general to access the webpage / Nextcloud without issues, except that the app store and the security scan fail. That is due to the fact that the jail can't access the internet any more. https://cloud.krautmaster.de
FreeNAS ifconfig printout:
Code:
root@freenas[~]# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
hn0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LINKSTATE>
        ether 00:15:5d:02:64:00
        hwaddr 00:15:5d:02:64:00
        inet 192.168.2.99 netmask 0xffffff00 broadcast 192.168.2.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
hn1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LINKSTATE>
        ether 00:15:5d:02:64:03
        hwaddr 00:15:5d:02:64:03
        inet 192.168.1.200 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:eb:1f:d8:f6:00
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: hn0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000
        member: hn1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000
root@freenas[~]#
Jail information - I did not manually edit any file in here, just for information:
Code:
root@nextcloud:/ # ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
hn0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LINKSTATE>
        ether 00:15:5d:02:64:00
        hwaddr 00:15:5d:02:64:00
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
hn1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8011b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,LINKSTATE>
        ether 00:15:5d:02:64:03
        hwaddr 00:15:5d:02:64:03
        inet 192.168.1.200 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:eb:1f:d8:f6:00
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: hn0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000
        member: hn1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000
root@nextcloud:/ # cat /etc/resolv.conf
nameserver 192.168.1.1
root@nextcloud:/ # ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.560 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.790 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.641 ms
^X64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.731 ms
^C
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.641/0.930/1.560/0.367 ms
root@nextcloud:/ # cat /etc/rc.conf
ifconfig_epair0b="DHCP"
hostname="nextcloud"
cron_flags="$cron_flags -J 15"

# Disable Sendmail by default
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# Run secure syslog
syslogd_flags="-c -ss"

# Enable IPv6
ipv6_activate_all_interfaces="YES"
apache24_enable="yes"
mysql_enable="yes"
redis_enable="yes"
php_fpm_enable="yes"
root@nextcloud:/ # ping google.com
PING google.com (216.58.208.46): 56 data bytes
^X^C
--- google.com ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
root@nextcloud:/ #
I did a static route - is that required?
And I did not yet configure hn1 (DMZ) in the FreeNAS web GUI.
Please let me know if you find information missing, I'll update ASAP then.
Thanks for your support.
Edit: to sum up:
-> jail can access other machines in 192.168.1.* subnet
-> jail has static ip 192.168.1.200 and nameserver configured to 192.168.1.1
-> jail is reachable from internet over virtual firewall, reverse proxy (in dmz as well)
-> jail lacks web access over gateway 192.168.1.1
Edit: that weird bridge0 was removed with a full reboot. All other stuff is the same. Behaviour as well.
Edit2:
If configured like this (with vnet0 instead of passing the adapter itself), I can't even ping the clients in the DMZ subnet.
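One thing the post does not show is the host's routing table, which matters here: a shared-IP (non-VNET) jail like the one above has no routing table of its own, so its packets follow the host's routes. The following is an added example, not code from the post or from FreeNAS, that runs a longest-prefix lookup over a constructed `netstat -rn`-style table and reports whether a DMZ-addressed jail's traffic would leave through the interface that actually holds its subnet; it assumes the host's default route points at the LAN gateway 192.168.2.10 via hn0, which is the assumption the check is meant to confirm or refute.

```python
import ipaddress

# Constructed sample in the shape of FreeBSD `netstat -rn` (IPv4 part). The post does not
# show the host's routing table; this sample ASSUMES the host default route points at the
# LAN gateway 192.168.2.10 via hn0, with hn1 holding only the connected DMZ route.
NETSTAT_RN = """\
Destination        Gateway            Flags     Netif Expire
default            192.168.2.10       UGS         hn0
127.0.0.1          link#1             UH          lo0
192.168.1.0/24     link#3             U           hn1
192.168.1.200      link#3             UHS         lo0
192.168.2.0/24     link#2             U           hn0
192.168.2.99       link#2             UHS         lo0
"""

def parse_routes(text):
    """Return (network, gateway, flags, netif) tuples; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header line
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gw, flags, netif = parts[:4]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest, strict=False)
        routes.append((net, gw, flags, netif))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, which is what the kernel does for a shared-IP jail:
    such a jail has no routing table of its own and inherits the host's."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in routes:
        if addr in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best

def check_jail_egress(routes, jail_ip, dst):
    """Report which interface/gateway packets from jail_ip to dst leave through, and
    whether that interface carries a connected route for the jail's own address.
    If it does not, the DMZ jail is emitting its 192.168.1.x source onto the LAN side."""
    net, gw, flags, netif = lookup(routes, dst)
    src = ipaddress.ip_address(jail_ip)
    src_on_egress = any(src in n and nif == netif and "G" not in f
                        for n, _, f, nif in routes if n.prefixlen < 32)
    return {"netif": netif, "gateway": gw, "src_on_egress_subnet": src_on_egress}

if __name__ == "__main__":
    table = parse_routes(NETSTAT_RN)
    for target in ("192.168.1.1", "216.58.208.46"):   # DMZ gateway vs. the google.com IP pinged above
        print(target, check_jail_egress(table, "192.168.1.200", target))
```

Under that assumption the DMZ gateway is reached via the connected hn1 route while the Internet address goes out hn0 toward the LAN gateway with a 192.168.1.200 source, which matches the symptom of DMZ peers answering and the outside world not; a VNET jail gets its own routing table, so the same lookup would then be run against the jail's table rather than the host's.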