DMZ Jail cannot communicate with LAN Jail

nromyn

Cadet
Joined
Dec 28, 2020
Messages
5
TrueNAS-12.0-U7
I'm trying to get a reverse proxy set up in a DMZ, which will then forward traffic (back through my router) to jails on the LAN. The intent is to get Snort to watch the traffic, mostly "because I can". The Reverse Proxy performs TLS decryption so that I have one place to work with certbot.

Two nics: LAN 10.0.1.0/24 and DMZ 10.0.2.0/24. DMZ does not have an IP, but it doesn't seem to matter. I have two bridges - one for LAN and one for DMZ.

From the reverse proxy jail I can ping:
* LAN and DMZ gateways
* the Internet
* hosts in the LAN

However, I cannot ping LAN jails. LAN Jails, likewise, cannot ping the DMZ. So it would appear that somewhere in TrueNAS's network stack it's going wrong.
 

Nick2253

Wizard
Joined
Apr 21, 2014
Messages
1,633
Do you have gateways configured for your jails?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
If you want to use multiple network segments for jails, what is your router/firewall between those? You need to point the default gateway for each jail at that device (in the proper network) and if it's a filtering firewall, permit the traffic you want to pass. TrueNAS won't do that. It's not a network device. I use OPNsense.
 
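The gateway requirement in the post above can be checked from inside each jail before any firewall rules are touched. The script below is an added example, not code from this thread or from TrueNAS: it parses a routing table in the layout FreeBSD's `netstat -rn` prints and verifies that the jail's default gateway actually sits inside the jail's own subnet (a DMZ jail pointed at the LAN-side firewall address, for instance, will never get a reply). The two routing tables, the jail addresses 10.0.1.50 and 10.0.2.10 and the gateway addresses are constructed samples built from the thread's 10.0.1.0/24 and 10.0.2.0/24 segments; only the subnets themselves come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a jail's default gateway.

ip_to_int() {
    # Dotted-quad IPv4 -> 32-bit integer, using only POSIX shell arithmetic.
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_subnet() {
    # in_subnet IP CIDR -> success when IP lies inside CIDR (e.g. 10.0.1.0/24).
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

default_gateway() {
    # default_gateway ROUTING_TABLE_TEXT -> prints the gateway of the "default" route.
    # Header lines ("Routing tables", "Internet:", column titles) are skipped
    # because their first field is never the literal word "default".
    printf '%s\n' "$1" | awk '$1 == "default" { print $2; exit }'
}

check_jail_gateway() {
    # check_jail_gateway JAIL_CIDR ROUTING_TABLE_TEXT
    # Returns 0 when the default gateway is in the jail's subnet, 1 when there is
    # no default route at all, 2 when the gateway is on some other segment.
    gw=$(default_gateway "$2")
    if [ -z "$gw" ]; then
        echo "NO DEFAULT ROUTE: jail in $1 cannot reach other segments"
        return 1
    fi
    if in_subnet "$gw" "$1"; then
        echo "OK: default gateway $gw is inside $1"
        return 0
    fi
    echo "WRONG GATEWAY: $gw is not inside $1 (jail will not route off-segment)"
    return 2
}

# Constructed sample: a correctly configured LAN jail (10.0.1.50, gateway = pfSense LAN side).
LAN_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.0.1.1           UGS       epair0b
10.0.1.0/24        link#2             U         epair0b
10.0.1.50          link#2             UHS       lo0
127.0.0.1          link#1             UH        lo0'

# Constructed sample: a DMZ jail (10.0.2.10) mistakenly pointed at the LAN-side gateway.
BAD_DMZ_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.0.1.1           UGS       epair1b
10.0.2.0/24        link#2             U         epair1b
10.0.2.10          link#2             UHS       lo0
127.0.0.1          link#1             UH        lo0'

check_jail_gateway 10.0.1.0/24 "$LAN_ROUTES"
check_jail_gateway 10.0.2.0/24 "$BAD_DMZ_ROUTES" || echo "(misconfigured DMZ jail detected, as expected)"
```

Inside a real jail the same function runs against the live table with `check_jail_gateway 10.0.2.0/24 "$(netstat -rn)"`. A passing check only proves the route is plausible; whether the firewall then permits DMZ-to-LAN traffic is a separate rule on the pfSense/OPNsense side, exactly as the post says.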

nromyn

Cadet
Joined
Dec 28, 2020
Messages
5
The gateways are configured correctly.
Code:
WAN - pfsense -- LAN
       |
       DMZ

Something changed overnight, and I've got communications up, as they should be. I suspect PEBCAK. Thanks for the responses.
 