Jail and VLAN - Question to Prepare to 11.2

[Soloam]

Hello, I use Jails a lot on my system, and I have several vital services running on them. One of the main points for all of this to work is to use different VLAN's in several Jails. In the jails of 11.1, and prior, I'm able to do this (a little hack, but it works), I can have jails in a different Vlan from the main FreeNas instance.

Now my question, in the 11.2 iocage system, is this possible?

Thank You

 

[kdragon75]

Yes but it will require another little hack. They use the same vnet interfaces. In fact, if your running a bridge per vlan, if you set the associated bridge in the jail and build the bridge config in you startup tasks, it *should* be fairly straight forward. I say *should* because I have no clue what nonsense the middleware will pull...
https://www.freebsd.org/cgi/man.cgi?query=iocage&sektion=8

interfaces=vnet0:bridge0,vnet1:bridge1 | vnet0:bridge0
By default, there are two interfaces specified with their
bridge association. Up to four interfaces are supported.
Interface configurations are separated by commas. The for-
mat is interface:bridge, where the left value is the vir-
tual VNET interface name and the right value is the bridge
name where the virtual interface should be attached.

Default: vnet0:bridge0,vnet1:bridge1

Source: local

So you would want something like iocage set interfaces="vnet0:bridge2" <jailname>

 

[Soloam]

Thank you for the feedback @kdragon75

 

[Soloam]

So here we are :) testing out the new 11.2. So far so good, but I have a problem with the creation of the jails. As talked here with @kdragon75 I need to have some jails in a different VLAN.

I tested the new UI and I see a option to select the interface, I tried to set it to the vlan interface that I have created, but when I try to install I get a error "[EFAULT] Exception: CallError:[EFAULT] pkg.cdn.trueos.org could not be reached via DNS, check your network occured, destroyed emby.". When I use the DHCP it works and instales the Jail! After installed I don't see a option to change the interface or IP.

How can I do this?
Thank You

 

[Soloam]

Ok, I was able to make this work :)... please advice if this is the correct method.

• Created the jail in default interface.
• Stopped Jail
• Edited Jail
• Down on Network Properties changed the "interfaces" to the briadge of my vlan (i got the bridge from in console and typing "ifconfig" looked for the bridge with my vlan
• Started the jail and it requested the DHCP to the correct VLAN, it's working.

Problems:

• I was able to make it work with DHCP, but not with fixed IP... For me it's not really a problem because I use the router to assign the IP, but for some people it could be.

Questions:

• I had in the interfaces "vnet0:bridge0", and changed it to "vnet0:bridge1"... Should I change the vnet also? What is the real purpose of this vnet?

Thank you all

 

[Dayve]

Ok, I was able to make this work :)... please advice if this is the correct method.

• Created the jail in default interface.
• Stopped Jail
• Edited Jail
• Down on Network Properties changed the "interfaces" to the briadge of my vlan (i got the bridge from in console and typing "ifconfig" looked for the bridge with my vlan
• Started the jail and it requested the DHCP to the correct VLAN, it's working.

Problems:

• I was able to make it work with DHCP, but not with fixed IP... For me it's not really a problem because I use the router to assign the IP, but for some people it could be.

Questions:

• I had in the interfaces "vnet0:bridge0", and changed it to "vnet0:bridge1"... Should I change the vnet also? What is the real purpose of this vnet?

Thank you all

Did you get this working?

I'm trying to something similar to you. I have installed a second nic in my freenas and would like all traffic of that nic to go through a VLAN60 that I have setup and working on my pfsense. The VLAN60 is a connection to my paid service VPN.

I use the VLAN60 for all my downloads of torrents. Would like to install transmission and couchpotato in jails and assign them only to that connection.

I know my VLAN60 to my VPN service works because if I plug in my laptop to the port of where the freenas second nic would be my laptop gets assigned the proper IP of the VLAN60 and all is good. I just cannot get freenas to work with it.

Do you have any ideas?

 

[Soloam]

From what I understand, your VLAN60 is the gateway to your VPN provider? If that is the case that will not work and if it does, it's really unsave, you are basically exposing your freenas to that VLAN, not better that exposing the NAS to a WAN port.

What I have is a segregated VLAN, managed by my router (pfsense in my case) that has his own gateway assign (it could be my vpn provider or my common IPS). I make a VLAN tagging and in the FREENAS box I split my tags into 3 interfaces. When I do that the system creates the separated bridges and with that follow the steps on post 5

 

[Dayve]

Ah yes. I'm also using pfsense and have assigned a gateway to the VLAN60. And like you say I don't want to expose my freenas to the WAN port.

Unless I missing something all I need to do is make a VLAN tagging in freenas and bridge the interface to it right?