SOLVED Creating a brand new jail with VNET enabled, I cannot access jail from my network

[picklefish]

I think I am missing a step with turning on VNET in jails, but having trouble searching.

Jails work fine with VNET turned off.
If I create a brand new jail (from clone) with VNET turned on, it has internet access (pkg update works, ping 1.1.1.1 works), but I cannot access it from my network.

Default settings when creating jail. Enable VNET. Enable allow_raw_sockets.

I'm trying to read the guides and figure out what step I might be missing.

ifconfig inside the jail:

ifconfig on truenas host:

1 is the jail with vnet enabled, which can access the internet, but is unreachable by clients on my network
2 is the jail with vnet disabled, which has access to internet, and is reachable.

Thanks for any direction on what I might be missing!

Edit: Pinging the ip gives me:

 

[sretalla]

If you're not using DHCP, you can't really leave the IPv4 Default Router at auto, you need to specify it.

 

[picklefish]

Hmm, I set it to 192.168.1.1 and same behavior. I'd think I wouldn't have internet access inside the jail if that were the problem. Am I missing proper bridge setup maybe?

 

[Patrick M. Hausen]

Do you have your jail's IP address as an alias on the host when you try to use VNET? You need to remove that, then. VNET means the jails comes with a complete separate IP stack.

Oh, and you MUST put your host's IP address on the bridge interface, not igb0. So:

- shut down jail
- ifconfig bridge0 destroy
- create a bridge interface, name 'bridge0', member 'igb0' in the UI
- remove the IP address from igb0
- put the IP address on bridge0
- start jail

 

[picklefish]

Do you have your jail's IP address as an alias on the host when you try to use VNET? You need to remove that, then. VNET means the jails comes with a complete separate IP stack.

Oh, and you MUST put your host's IP address on the bridge interface, not igb0. So:

- shut down jail
- ifconfig bridge0 destroy
- create a bridge interface, name 'bridge0', member 'igb0' in the UI
- remove the IP address from igb0
- put the IP address on bridge0
- start jail

I think that's exactly it!

I had to muck about with this a bunch because I kept losing my bridge0 after restart and I kept having collisions between the bridge0 ip and the igb0 ip even though I was deleting the igb0 IP from the UI. I had to resort to IPMI a few times to be able to get back to the web ui! Eventually through various orders or deleting that IP from igb0 it finally persisted.

The other issue I kept having was setting the IPs manually. When I switched back to DHCP my problems went away. I don't know why I ever tried to do it without DHCP. Thanks all.