I want TrueNAS to communicate with a virtualised firewall even when there is no cable connected to the TrueNAS’s physical NIC

amphorit (Cadet, joined Aug 7, 2021, 1 message)
Problem summary: I want TrueNAS to communicate with a virtualised firewall even when there is no cable connected to the TrueNAS’s physical NIC.

My configuration:
1. I have TrueNAS-12.0-U5 installed on a Dell PowerEdge R510 server.
2. TrueNAS is configured to use one (1) physical NIC port (bce1). This port is statically configured to IP address 192.168.6.2. The default gateway is set to 192.168.6.1.
3. TrueNAS runs a virtual machine that has the pfSense 2.5.2 firewall software installed.
4. The pfSense firewall’s LAN interface is a virtual NIC sharing the bce1 interface. It is statically configured to be 192.168.6.1 (in the pfSense virtual machine). (For completeness: the firewall’s WAN interface is configured on a separate physical NIC port (igb0) with a static address in a separate subnet (192.168.0.0/24).)

In my use case, I do not plan to have any other hosts in the 192.168.6.0/24 network. I only need traffic to pass between 192.168.6.1 and 192.168.6.2. I was hoping that this would happen even if no cable is connected to bce1. (I only ever intend to connect a physical network to bce1 if I need to configure TrueNAS but the pfSense firewall has failed.)

Observed Behaviour:
5. Subject to the condition described in 6 below, the TrueNAS / pfSense behaviour is as expected:
(a) TrueNAS can access the WAN network via the pfsense firewall;
(b) Only explicitly permitted WAN traffic gets past the firewall to access TrueNAS.
6. TrueNAS / pfSense traffic passes between 192.168.6.1 and 192.168.6.2 ONLY when there is a physical CAT5 cable connected between bce1 and another (completely unused) NIC port (igb3).
7. No traffic passes between 192.168.6.1 and 192.168.6.2 if the CAT5 cable is disconnected from either bce1 or igb3.
8. For completeness, the TrueNAS dashboard shows that the In/Out statistics are zero for bce1 and igb3. There is no traffic passing over this CAT5 cable.

I suspect that traffic is only passed between the physical and virtual NICs when carrier is detected at the bce1 physical NIC port (i.e. something "blocks" or discards virtualised traffic when the physical port bce1 reports it has no connection to a physical network).

My question is: Is there a way of configuring bce1 to pass traffic to the virtual NIC without requiring the presence of a cable (and an unused NIC port)?

Thanks in advance to anyone who helps,
Regards,
Adrian
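The post does not identify the cause, so the first thing to establish on the host is the actual topology: which bridge TrueNAS built for the VM, which of its members holds 192.168.6.2, and what link state that member reports. The script below is an added diagnostic helper written for this thread; it is not code from the original post, from TrueNAS or from pfSense. It parses FreeBSD `ifconfig` output and, for offline use, ships with a constructed sample that mirrors the poster's description. The names `tap0` and `bridge0` are assumptions (TrueNAS attaches a VM NIC as a tap interface joined to a bridge together with the physical NIC; the exact names on the poster's box are not shown); `bce1` and the addresses come from the post.

```sh
#!/bin/sh
# Added diagnostic helper (not from the original post): parse FreeBSD/TrueNAS
# `ifconfig` output to find the bridge members, the interface holding an IPv4
# address, and the link state of that interface.
# The sample below is CONSTRUCTED to match the setup described in the thread;
# tap0/bridge0 are assumed names, bce1 and 192.168.6.2 come from the post.
IFCONFIG_SAMPLE='bce1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:55
        inet 192.168.6.2 netmask 0xffffff00 broadcast 192.168.6.255
        media: Ethernet autoselect
        status: no carrier
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Attached to pfsense
        ether 00:bd:11:22:33:44
        groups: tap
        status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:aa:bb:cc:dd:ee
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000000
        member: bce1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000
        groups: bridge'

# On a live TrueNAS host, run with real data instead:  IFCONFIG_OUT="$(ifconfig)" sh diag.sh
: "${IFCONFIG_OUT:=$IFCONFIG_SAMPLE}"

# Feed the ifconfig text to an awk filter. Every awk program below tracks the
# current interface block: a line starting in column 0 ("bce1: flags=...")
# opens a new block, indented lines belong to it.
_ifc() { printf '%s\n' "$IFCONFIG_OUT" | awk -v want="$1" "$2"; }

# link_state IFACE  -> "active", "no carrier", ... (empty if no status line)
link_state() {
  _ifc "$1" '/^[A-Za-z]/ { cur=$1; sub(/:$/, "", cur) }
             cur==want && $1=="status:" { $1=""; sub(/^ +/, ""); print }'
}

# bridge_members BRIDGE -> one member interface per line
bridge_members() {
  _ifc "$1" '/^[A-Za-z]/ { cur=$1; sub(/:$/, "", cur) }
             cur==want && $1=="member:" { print $2 }'
}

# addr_owner IPV4 -> name of the interface carrying that inet address
addr_owner() {
  _ifc "$1" '/^[A-Za-z]/ { cur=$1; sub(/:$/, "", cur) }
             $1=="inet" && $2==want { print cur }'
}

# diagnose BRIDGE IPV4: report where the address lives relative to the bridge.
# Returns 0 when the address sits on a physical member of BRIDGE that reports
# "no carrier" (the situation the post describes), 1 for every other layout.
diagnose() {
  bridge=$1; ip=$2
  owner=$(addr_owner "$ip")
  if [ -z "$owner" ]; then
    echo "$ip is not configured on any interface"; return 1
  fi
  if [ "$owner" = "$bridge" ]; then
    echo "$ip is on $bridge itself; member carrier is not what gates host traffic"; return 1
  fi
  if ! bridge_members "$bridge" | grep -qx "$owner"; then
    echo "$ip is on $owner, which is not a member of $bridge"; return 1
  fi
  st=$(link_state "$owner")
  echo "$ip is on bridge member $owner (link: ${st:-unknown}); members: $(echo $(bridge_members "$bridge"))"
  [ "$st" = "no carrier" ]
}

diagnose bridge0 192.168.6.2
```

With the constructed sample, `diagnose` reports that 192.168.6.2 sits on member `bce1` of `bridge0` with link state `no carrier`, which is the layout the observed behaviour points to. On a real host, run it with `IFCONFIG_OUT="$(ifconfig)"` once with the cable plugged in and once without, and compare the `status:` line and the member list; if the address moves or the member list changes between the two runs, that is the place to look. Whether moving the address from the physical NIC onto the bridge interface changes the behaviour in this particular case is not shown in the post; the script only tells you which layout you actually have.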