Could do with some guidance on iocage

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
In this case though /16 would indeed indicate that 10.0.2.2 can't talk to 10.0.1.1 unless a static route is present to connect them.
This is the part I'm having trouble with. 10.0.1.1 and 10.0.2.2 both fall within 10.0.0.0/16. If they're on the same subnet, why do they need a route between them?
 

anmnz

Patron
Joined
Feb 17, 2018
Messages
286
/16 is the subnet mask. The first three octets of the IP address have to be the same to be in the same subnet

First TWO octets, not three, surely? Three octets would have to be the same for a /24 subnet mask, right?
 

anmnz

Patron
Joined
Feb 17, 2018
Messages
286
They aren't. The standard private IP ranges are:

I think by "Class C subnet" @danb35 just means "a subnet with /24 netmask", not anything specifically about those ranges.

In this case though /16 would indeed indicate that 10.0.2.2 can't talk to 10.0.1.1 unless a static route is present to connect them.

I'm puzzled too. /24 would indicate that, but if the netmask is /16 those addresses are on the same subnet. Right?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
First TWO octets, not three, surely? Three octets would have to be the same for a /24 subnet mask, right?
Yes you are correct. I don't know what I was thinking in my previous post..........
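
The /16 versus /24 question above, worked through as an added example (not part of any post in this thread): the script masks both addresses with the prefix and reports whether the destination is on-link or needs a route. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: is a destination on-link for a given prefix length?

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; fails on bad input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    n=0
    for octet in "$@"; do
        # digits only, no leading zeros (they would be read as octal)
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$(( (n << 8) | octet ))
    done
    echo "$n"
}

# same_subnet IP1 IP2 PREFIX -> 0 same network, 1 different, 2 invalid input.
same_subnet() {
    a=$(ip_to_int "$1") || return 2
    b=$(ip_to_int "$2") || return 2
    case $3 in ''|*[!0-9]*|0?*) return 2 ;; esac
    [ "$3" -le 32 ] || return 2
    if [ "$3" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    fi
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# delivery SRC DST PREFIX -> prints on-link, needs-route or invalid.
delivery() {
    rc=0
    same_subnet "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "on-link" ;;
        1) echo "needs-route" ;;
        *) echo "invalid" ;;
    esac
}

# The two addresses discussed in the thread, under both masks.
for prefix in 16 24; do
    echo "10.0.1.1 -> 10.0.2.2 /$prefix: $(delivery 10.0.1.1 10.0.2.2 "$prefix")"
done
```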
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I think by "Class C subnet" @danb35 just means "a subnet with /24 netmask", not anything specifically about those ranges.
Yes, that's exactly what I meant.
 

ewhac

Contributor
Joined
Aug 20, 2013
Messages
177
Yes you are correct. I don't know what I was thinking in my previous post..........
Phew! Thank you; I was starting to think I might have gone insane.

Back to the salient point: Still no network connectivity. Does igb0 need to be made a member of bridge0? If so, how is this normally done? Yes, I know I can do it by hand by modifying /etc/rc.conf, but how is it supposed to happen? IIRC, in the past it was magically handled by the warden stuff. Is adding/removing members to the bridge freely done at runtime, or only once at FreeNAS boot?
 

ewhac

Contributor
Joined
Aug 20, 2013
Messages
177
Does igb0 need to be made a member of bridge0?
So, just for fun, I did this by hand in FreeNAS:
Code:
$ sudo ifconfig bridge0 addm igb0
Password:
$ ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   ether 02:50:06:73:13:00
   nd6 options=1<PERFORMNUD>
   groups: bridge
   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
   member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 1 priority 128 path cost 20000
   member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 5 priority 128 path cost 2000

The jail can now talk to the outside world. Which leads us back to the question:
If so, how is this normally done? Yes, I know I can do it by hand by modifying /etc/rc.conf, but how is it supposed to happen?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Did you patch iocage using the commands @danb35 posted?

Code:
cd /tmp
git clone --recursive https://github.com/iocage/iocage
cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib
 

ewhac

Contributor
Joined
Aug 20, 2013
Messages
177
Did you patch iocage using the commands @danb35 posted?
Yup, first thing I did before creating the jail. Timestamps on the files currently in .../iocage/lib are 19 May.
 
Joined
Jul 10, 2016
Messages
521
Yup, first thing I did before creating the jail. Timestamps on the files currently in .../iocage/lib are 19 May.

Since you "ran the patch", you should be aware that your version of iocage is likely different from other posters here and some of the information in the various threads may or may not work for you any longer. As you discovered, as of 26.APR.2018 iocage (master) no longer automatically adds the host interface to the bridge.

This was done on purpose, see https://github.com/iocage/iocage/issues/521
 

ewhac

Contributor
Joined
Aug 20, 2013
Messages
177
Since you "ran the patch", you should be aware that your version of iocage is likely different from other posters here and some of the information in the various threads may or may not work for you any longer. As you discovered, as of 26.APR.2018 iocage (master) no longer automatically adds the host interface to the bridge.

This was done on purpose, see https://github.com/iocage/iocage/issues/521
Ah. I don't completely understand the counterexamples in that thread, but grok the general principle that iocage shouldn't be making assumptions about network setup. This means someone/something else has to do it.

Based on that thread and some related reading, there's more than one way to handle this setup. One could, as has been done in the past, add the NIC to the bridge. Or one could (apparently; I haven't tried it) enable the net.inet.ip.forwarding sysctl. Or, if one is playing fancy games with VLANs, do the appropriate setups there.

Which approach(es) are likely to cause the fewest upgrade headaches when FreeNAS ${FUTURE_VERSION} finally has all the support in place?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Which approach(es) are likely to cause the fewest upgrade headaches when FreeNAS ${FUTURE_VERSION} finally has all the support in place?
That, sir, is the $100,000 question.
 

ewhac

Contributor
Joined
Aug 20, 2013
Messages
177
Latest Experiments: I rebooted FreeNAS to see if the startup scripts do any network setup for iocage-based jails. The answer appears to be no -- igb0 is not automatically made a member of the bridge interface.

So I've added a new system tunable via the old Web interface, as has been detailed in other topics in this forum:
  • Go to System -> Tunables.
  • Click the button "Add Tunable".
  • Enter data for the new tunable:
    Variable: ifconfig_bridge0
    Value: addm igb0 up
    Type: rc.conf
    Enable: Checked
Then reboot. Interface igb0 will be made a member of the bridge0 interface at startup.

It is completely unclear whether this is the mechanism FreeNAS will use going forward to allow VNET-enabled jails to talk to the outside world (though, given this is how warden worked, it seems one of the safer bets). However, at least this puts all the necessary mods in the Web UI where they can be most easily altered/deleted if need be in future releases.
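
A way to tell a hand-added bridge member from one that survives a reboot, as an added example (not part of any post in this thread and not iocage or FreeNAS code): it compares the members listed in `ifconfig bridge0` output with the `addm` entries in rc.conf text. The function names are made up here, and the sample text is constructed from the output and tunable quoted above.

```shell
#!/bin/sh
# Added example: compare live bridge membership with what rc.conf applies at boot.
# The sample text below is constructed from the output and tunable quoted in the thread.

# Print the member interfaces found in `ifconfig <bridge>` output on stdin.
bridge_members() {
    awk '$1 == "member:" { print $2 }'
}

# Print the interfaces that rc.conf text on stdin adds to bridge $1 via "addm".
rc_members() {
    awk -v key="ifconfig_$1=" 'index($0, key) == 1 {
        line = substr($0, length(key) + 1); gsub(/"/, "", line)
        n = split(line, w, /[ \t]+/)
        for (i = 1; i < n; i++) if (w[i] == "addm") print w[i + 1]
    }'
}

# uplink_state BRIDGE NIC IFCONFIG_TEXT RCCONF_TEXT
# prints: persistent | runtime-only | boot-only | missing
uplink_state() {
    live=no; boot=no
    printf '%s\n' "$3" | bridge_members | grep -Fqx -- "$2" && live=yes
    printf '%s\n' "$4" | rc_members "$1" | grep -Fqx -- "$2" && boot=yes
    case $live$boot in
        yesyes) echo persistent ;;
        yesno)  echo runtime-only ;;
        noyes)  echo boot-only ;;
        *)      echo missing ;;
    esac
}

LIVE_SAMPLE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
   member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'
RC_SAMPLE='ifconfig_bridge0="addm igb0 up"'

# Member added by hand with no tunable yet: gone after the next reboot.
uplink_state bridge0 igb0 "$LIVE_SAMPLE" ""
# Same bridge once the rc.conf tunable exists.
uplink_state bridge0 igb0 "$LIVE_SAMPLE" "$RC_SAMPLE"
```

On a live host, pass `"$(ifconfig bridge0)"` and the rc.conf text in effect there in place of the two sample strings.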
 

felthamn

Dabbler
Joined
Jan 25, 2018
Messages
40
I'm going to revisit iocage and try and get plex to work. I'm not defeated yet. Wish me luck troops. :p
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
[Image: 47439673-15044761596224358_origin.png]
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
I'm going to revisit iocage and try and get plex to work. I'm not defeated yet. Wish me luck troops. :p
So I just did this and it was simple and painless. The only painful part was copying all my metadata from my old plex jail to the new one. That took about a half hour.

:cool:
 

felthamn

Dabbler
Joined
Jan 25, 2018
Messages
40
So I just did this and it was simple and painless. The only painful part was copying all my metadata from my old plex jail to the new one. That took about a half hour.

:cool:
Yes but with the greatest of respect you are a FreeNAS Ninja where I am the Mr Bean of FreeNAS lol
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
I've switched to storing all of the media server data, in my case emby, in a dataset so when I need to create a new jail it's just a case of mounting that dataset to the correct folder inside the jail and restarting the service ;)
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
I've been meaning to do that for a while, just haven't got around to it. Of course yesterday would have been the perfect opportunity.......
 