Help With Networking Config (Splitting NAS GUI & Apps)

P

panzerscope

Contributor
Joined
May 30, 2022
Messages
146
Hello all.

Currently running TrueNAS-SCALE-22.02.4

This is what will be considered basic networking, but I have frazzled my brain and need assistance. TrueNas from what I read follows "Proper networking", in the sense that you cannot have multiple NICs on the same subnet. Previously with other networking tasks, I have had multiple NIC's on the same subnet which was nice and easy, so now I am in unknown territory.

The short of it is I would like to accomplish the following:

1. Bind my TrueNas GUI to its own IP
2. Bind my Apps using its own IP

My current setup as per the snapshot below is:

NIC ens6f1 - IP: 192.168.1.10 (DHCP with IP set as Static on my PfSense Firewall). This is the IP I use to reach my NAS GUI as well as for any port forwarding.
NIC br1 - IP: 192.168.1.154 (This is setup as a bridge from ens6f1). This IP I have my virtual machines bound to.

1673877362304.png


My questions are:

1. If I setup another NIC with an arbitrary alias IP using a different subnet to that of 192.168.1.0 for my Apps (such as or 192.168.0.0), how can I ensure that apps using that IP can send its traffic to the 192.168.1.0 subnet ?

2. When I go to bind my NAS GUI to my 192.168.1.10 IP address, it does not show on the drop down list ? It is a configured IP on my network page, but is it the case I cannot set it because it is DHCP and not a static alias ?

1673877675235.png


Ideally I would like to keep the NAS GUI IP and Apps IP and my VM's on the same subnet, but not sure that is at all possible ? Networking/TrueNas Guru's please come to my rescue lol.

Thanks,
P
 
sretalla

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
Maybe have a think about this one first...

Resource - Multiple network interfaces on a single subnet

We've had a number of people over the years bring up the topic of multiple network interfaces on a single subnet. Often done by Windows administrators or storage admins, where it works to varying degrees, this is sadly not proper IP networking...
www.truenas.com www.truenas.com
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Keep it with one interface. If you feel the need to include more than one physical interface (and you have a managed switch that supports it), aggregate them, which creates a single logical interface. Then assign both IPs as aliases on that one interface. Set the UI to listen on the first IP, set the apps Node IP to the other.
 
P

panzerscope

Contributor
Joined
May 30, 2022
Messages
146
sretalla said:
Maybe have a think about this one first...

Resource - Multiple network interfaces on a single subnet

We've had a number of people over the years bring up the topic of multiple network interfaces on a single subnet. Often done by Windows administrators or storage admins, where it works to varying degrees, this is sadly not proper IP networking...
www.truenas.com www.truenas.com
Click to expand...
Thank you for the read. Very informative.

Ok, so I have gone back and started again with my network config and using Alias setup on a single NIC.

So right now I have 2 IP Alias's on my NIC

192.168.1.100 - Now my GUI IP
192.168.1.101 - Now my Apps Node IP

Seemingly my VM's also no longer require a Bridge to access my shares now either, this is likely due to a properly revised setup.

Originally I had all my port forwarding services setup to the DHCP address of my NAS (192.168.1.10), This still exists obviously. However now that my GUI is on 192.168.100, I assume I will just change my port forward in my Pfsense to the new IP ? Does that work with Alias ?
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
panzerscope said:
I assume I will just change my port forward in my Pfsense to the new IP ?
Click to expand...
Since you should never expose the GUI to the public Internet, I'd think you'd want to forward whatever ports you need (likely 80 and 443) to the apps alias.
 
P

panzerscope

Contributor
Joined
May 30, 2022
Messages
146
danb35 said:
Since you should never expose the GUI to the public Internet, I'd think you'd want to forward whatever ports you need (likely 80 and 443) to the apps alias.
Click to expand...

I was going to add an auth page in front of the NAS GUI page on the open internet, is that still not enough? Just wondering on your thoughts on that.
 
S

Stackoverflow13

Cadet
Joined
Dec 21, 2022
Messages
2
Personal opinion it's fine I use the same thing with cloudflare app tunnel where you must give a specific email adress which then gives a otp to access.

I have a similar question I two have 2 netowrk ports. My primary port is 192.168.1.10 (gui) & 192.168..1.20 alias on same port for kubernetes. on this I run traefik, ports 80 & 443. Does any one know hoe to setup the sencond port with a different alias for use with kubernetes such that both primary port & secondary port can use ports 443 & 80. Obviously bot ports need access to the gatewy for internet access this is where I get stuck. As a different subnet susch as 192.168.1.20 would mean the gaetway wouldn't work
TIA to any & all who can help
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Help With Networking Config (Splitting NAS GUI & Apps)"

Similar threads

F
Trouble with multiple NICs for access from different VLANs/Subnets
Replies
10
Views
2K
xzibit
xzibit
O
SCALE Apps: IP Addresses and VPN Killswitch?
Replies
1
Views
3K
Whiskey
Whiskey
T
TrueNAS SCALE and Apps - Network Configuration Question
Replies
1
Views
7K
truecharts
truecharts
Europa2010AD
IP forwarding between NICs for Tailscale
Replies
0
Views
1K
Europa2010AD
Europa2010AD
P
Virtual Machines & Bridges, A Networking Question.
Replies
12
Views
3K
panzerscope
P
Top