iocage - no route to gateway from jail

Status
Not open for further replies.

Ravefiend

== SOLUTION ALREADY FOUND (see below) :) ==

To become more familiar with iocage, I've been trying out a bunch of things using FreeNAS 11.1 that I installed under Virtualbox (Windows guest).

FreeNAS VM network config:
Code:
VBoxManage modifyvm "%VM_NAME%" --nic1 bridged --nictype1 virtio --bridgeadapter1 "Intel(R) Ethernet Connection I218-LM" --macaddress1 auto

No problems so far, the freenas-vm gets an IP address using DHCP:

Code:
root@freenas-vm:~ # ifconfig
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=6c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
   ether 08:00:27:ba:9e:07
   hwaddr 08:00:27:ba:9e:07
   inet 192.168.1.197 netmask 0xffffff00 broadcast 192.168.1.255
   nd6 options=9<PERFORMNUD,IFDISABLED>
   media: Ethernet 10Gbase-T <full-duplex>
   status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
   inet 127.0.0.1 netmask 0xff000000
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   ether 02:43:ad:b0:0c:00
   nd6 options=9<PERFORMNUD,IFDISABLED>
   groups: bridge
   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
   member: vtnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
		   ifmaxaddr 0 port 1 priority 128 path cost 2000


The bridge0 is there since I set up the workaround described in https://forums.freenas.org/index.php?threads/iocage-vnet0-and-bridge0.59964/ - configuring these tunables (rc.conf) for my setup:
Code:
cloned_interfaces - bridge0
ifconfig_bridge0 - addm vtnet0 up

Create a new jail:
Code:
iocage create --release 11.1-RELEASE --name "mysql-vm" boot=on vnet=on ip4_addr="vnet0|192.168.1.100/24" defaultrouter="192.168.1.1" resolver="192.168.1.1" host_hostname="mysql-vm" allow_raw_sockets="1"

Code:
+-----+----------+------+-------+------+-----------------+------------------------+-----+----------+
| JID |   NAME   | BOOT | STATE | TYPE |     RELEASE     |          IP4           | IP6 | TEMPLATE |
+=====+==========+======+=======+======+=================+========================+=====+==========+
| 5   | mysql-vm | on   | up    | jail | 11.1-RELEASE-p6 | vnet0|192.168.1.100/24 | -   | -        |
+-----+----------+------+-------+------+-----------------+------------------------+-----+----------+


Let's see from within the jail:
Code:
root@freenas-vm:~ # iocage console mysql-vm
root@mysql-vm:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
   inet 127.0.0.1 netmask 0xff000000
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   groups: lo
vnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=8<VLAN_MTU>
   ether 02:ff:60:45:74:21
   hwaddr 02:4d:a0:00:05:0b
   inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
   nd6 options=1<PERFORMNUD>
   media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
   status: active
   groups: epair

root@mysql-vm:~ # ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 192.168.1.1 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss
root@mysql-vm:~ # cat /etc/resolv.conf
192.168.1.1

Looking back on the freenas-vm itself:
Code:
root@mysql-vm:~ # exit
logout
root@freenas-vm:~ # ifconfig
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=2c00b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6>
   ether 08:00:27:ba:9e:07
   hwaddr 08:00:27:ba:9e:07
   inet 192.168.1.197 netmask 0xffffff00 broadcast 192.168.1.255
   nd6 options=9<PERFORMNUD,IFDISABLED>
   media: Ethernet 10Gbase-T <full-duplex>
   status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
   inet 127.0.0.1 netmask 0xff000000
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   ether 02:43:ad:b0:0c:00
   nd6 options=9<PERFORMNUD,IFDISABLED>
   groups: bridge
   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
   member: vnet0:5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
		   ifmaxaddr 0 port 4 priority 128 path cost 2000
   member: vtnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
		   ifmaxaddr 0 port 1 priority 128 path cost 2000
vnet0:5: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
   description: associated with jail: mysql-vm
   options=8<VLAN_MTU>
   ether 02:ff:60:45:74:20
   hwaddr 02:4d:50:00:04:0a
   nd6 options=1<PERFORMNUD>
   media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
   status: active
   groups: epair

So in my view the jail's vnet0 is correctly bridged to my host's network interface. Still, I'm not able to ping any host from within the mysql-vm jail. Does the above show anything obviously wrong with my configuration?

Edit: From within the mysql-vm jail it is possible to ping the freenas-vm host:
Code:
root@mysql-vm:~ # ping 192.168.1.197
PING 192.168.1.197 (192.168.1.197): 56 data bytes
64 bytes from 192.168.1.197: icmp_seq=0 ttl=64 time=0.075 ms
64 bytes from 192.168.1.197: icmp_seq=1 ttl=64 time=0.220 ms
64 bytes from 192.168.1.197: icmp_seq=2 ttl=64 time=0.155 ms
^C
--- 192.168.1.197 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.075/0.150/0.220/0.059 ms


Edit2: seems like I found the solution after so many days:
Code:
iocage set resolver="nameserver 192.168.1.1" mysql-vm


Some more sysctls added as tunables:
Code:
net.inet.ip.forwarding=1
net.link.bridge.pfil_onlyip=0
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_member=0


Result:
Code:
root@mysql-vm:~ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=56 time=30.391 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=35.297 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 30.391/32.844/35.297/2.453 ms
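
An added example, not part of the original post: a small offline check for the two fixes described above, namely a resolv.conf line that lacks the `nameserver` keyword and the four sysctl tunables. The function names and the sample files are constructed for illustration; the tunable names and values are the ones listed in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Count resolv.conf lines that are neither blank, a comment, nor a known
# directive. A bare "192.168.1.1" line, as in the jail above, is not a
# directive, so the resolver gets no nameserver from it.
bad_resolv_lines() {
    awk '
        /^[ \t]*([#;].*)?$/ { next }
        $1 !~ /^(nameserver|search|domain|options|sortlist)$/ { bad++ }
        END { print bad + 0 }
    ' "$1"
}

# Read saved "name: value" sysctl output and report every tunable from the
# post that is missing or has a different value.
tunable_mismatches() {
    awk -F'[:=] *' '
        BEGIN {
            want["net.inet.ip.forwarding"] = 1
            want["net.link.bridge.pfil_onlyip"] = 0
            want["net.link.bridge.pfil_bridge"] = 0
            want["net.link.bridge.pfil_member"] = 0
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 != want[$1]) print $1 " is " $2 ", expected " want[$1]
        }
        END { for (k in want) if (!(k in seen)) print k " is missing" }
    ' "$1"
}

# Constructed sample input, modelled on the output shown in the post.
tmp=$(mktemp -d)
printf '192.168.1.1\n' > "$tmp/resolv.conf"
printf '%s\n' 'net.inet.ip.forwarding: 0' 'net.link.bridge.pfil_member: 1' > "$tmp/sysctl.txt"
echo "invalid resolv.conf lines: $(bad_resolv_lines "$tmp/resolv.conf")"
tunable_mismatches "$tmp/sysctl.txt"
rm -rf "$tmp"
```

On the host, the second function can be fed the saved output of `sysctl net.inet.ip.forwarding net.link.bridge`. With `pfil_bridge` and `pfil_member` at 0, the host packet filter does not inspect frames crossing bridge0, so any filtering of jail traffic has to happen elsewhere.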
 

pali112

Hello

I am trying to follow this guide step by step, but not all of it works for me. I am also using VirtualBox (Linux Ubuntu guest). On the primary FreeNAS everything is OK (ping to 8.8.8.8 is good), but the problem is with the iocage jail. My system is FreeNAS-11.1-U1.


Step 1.

ifconfig on the primary FreeNAS

Code:
root@freenas:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 08:00:27:3f:ea:cc
	hwaddr 08:00:27:3f:ea:cc
	inet 192.168.0.92 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=9<PERFORMNUD,IFDISABLED>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo


Step 2 Create iocage jail

Code:
root@freenas:~ # iocage create --release 11.1-RELEASE --name "test" boot=on vnet=on ip4_addr="vnet0|192.168.0.200/24" defaultrouter="192.168.0.1" resolver="192.168.0.1" host_hostname="test" allow_raw_sockets="1"


Step 3 Check iocage (jail test)

Code:
root@freenas:~ # iocage list
+-----+------+-------+--------------+---------------+
| JID | NAME | STATE |   RELEASE    |      IP4      |
+=====+======+=======+==============+===============+
| 1   | test | up    | 11.1-RELEASE | 192.168.0.200 |
+-----+------+-------+--------------+---------------+


Code:
root@test:/ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
vnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:ff:60:ae:1b:76
	hwaddr 02:6a:a0:00:05:0b
	inet 192.168.0.200 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=1<PERFORMNUD>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair


Step 4 Ping 8.8.8.8 and the IP of the primary FreeNAS

Code:
root@test:/ # ping 192.168.0.92
PING 192.168.0.92 (192.168.0.92): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 192.168.0.92 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
root@test:/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss



Step 5 Added (rc.conf) tunables in Web GUI

cloned_interfaces - bridge0
ifconfig_bridge0 - addm em0 up

Step 6 Restart Freenas and check ifconfig

Code:
root@freenas:~ # ifconfig
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 08:00:27:3f:ea:cc
	hwaddr 08:00:27:3f:ea:cc
	inet 192.168.0.92 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=9<PERFORMNUD,IFDISABLED>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:37:43:fc:46:00
	nd6 options=9<PERFORMNUD,IFDISABLED>
	groups: bridge
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vnet0:1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
			ifmaxaddr 0 port 4 priority 128 path cost 2000
	member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
			ifmaxaddr 0 port 1 priority 128 path cost 20000
vnet0:1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: associated with jail: test
	options=8<VLAN_MTU>
	ether 02:ff:60:ae:1b:75
	hwaddr 02:6a:50:00:04:0a
	nd6 options=1<PERFORMNUD>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair


Now I can ping my primary FreeNAS

Code:
root@test:/ # ping 192.168.0.92
PING 192.168.0.92 (192.168.0.92): 56 data bytes
64 bytes from 192.168.0.92: icmp_seq=0 ttl=64 time=0.320 ms
64 bytes from 192.168.0.92: icmp_seq=1 ttl=64 time=0.101 ms
64 bytes from 192.168.0.92: icmp_seq=2 ttl=64 time=0.117 ms
64 bytes from 192.168.0.92: icmp_seq=3 ttl=64 time=0.107 ms
^C
--- 192.168.0.92 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.101/0.161/0.320/0.092 ms


But I can't ping 8.8.8.8

Step 7 Added sysctls parameters in tunables Web GUI

Code:
net.inet.ip.forwarding=1
net.link.bridge.pfil_onlyip=0
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_member=0



I still can't ping 8.8.8.8

Do you have any ideas?
 

pali112

Hello Again.

I found the answer to my question :)

This works only with wired internet

Best regards
 