Jails can't browse/ping

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Also -- just a thought. You're using epair interfaces. Your jail is using epair0b (you can see this from ifconfig inside the jail). From the host (freenas), your ifconfig bridge0 has members igb1 and vnet0:1, however there is no corresponding epair0a interface.

Take a look at my bridge0 in my setup:
Code:
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:f6:c7:64:02:00
    nd6 options=9<PERFORMNUD,IFDISABLED>
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vnet0:4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 13 priority 128 path cost 2000
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 12 priority 128 path cost 2000000
    member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 11 priority 128 path cost 2000
    member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 10 priority 128 path cost 2000
    member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 9 priority 128 path cost 2000
    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 8 priority 128 path cost 2000000
    member: vlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 55


I'm using a vlan setup however my vlan1 is equivalent to your igb1. I also have one jail with vent0:4 and a bunch of epairs.
 
Last edited:

Sean Cunningham

Dabbler
Joined
Jul 14, 2015
Messages
30
Huh...how do I add it? If I run the command that I did to add igb1 I get the following error:
Code:
root@Alexandria[~]# ifconfig bridge0 addm epair0a up
ifconfig: BRDGADD epair0a: No such file or directory
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
@Sean Cunningham
I thought iocage was supposed to create the epair interfaces when creating and bringing up the jail(s). Usually the epair(a) is listed in the ifconfig if this command is run on the freenas host or the host that is running the jails -- presumably freenas. How did you create your jails? What version of freenas are you running?

Try rebooting freenas to make sure things aren't screwed up. There is definitely a method of creating and adding epair(a) to the bridge and also adding epair(b) to the vnet bridge -- however I know how to do this from the command line, but not automate it so it happens at every reboot of the machine. I thought part of the iocage executable's job was to create these interfaces by default -- I'm really not too sure.

Link for manual creating of epairs: https://forums.freebsd.org/threads/jails-vnet-freebsd-mastery-multiple-interfaces.70356/

Addendum:
I just read the man page for epair (https://www.freebsd.org/cgi/man.cgi?query=epair&sektion=4&manpath=FreeBSD+8.0-RELEASE) and found this
Each epair interface pair is created at runtime using interface cloning.
This is most easily done with the ifconfig(8) create command or using the
cloned_interfaces variable in rc.conf(5).

So knowing this, you might want to create a system tunable within freenas
System->Tunables-> Variable=cloned_interfaces, Value=bridge0, Type=rc.conf.
After making the system tunable, its probably just easier to reboot the system although you could probably just restart the networking stack tbh. When in doubt just reboot. rc.conf read at startup.
 
Last edited:

Sean Cunningham

Dabbler
Joined
Jul 14, 2015
Messages
30
I added the tunable, but no luck. I do have epair0b in the jail, but no epair0a in freenas. I created the jail a few different ways, this time from the GUI but I've also tried from command line as well.

EDIT: running FreeNAS 11.2U7

Just deleted the jail and recreated using the method here: https://www.ixsystems.com/community...darr-lidarr-jackett-transmission-organizr.58/

echo '{"pkgs":["plexmediaserver-plexpass","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "plex" -p /tmp/pkg.json -r 11.2-RELEASE ip4_addr="vnet0|192.168.0.101/24" defaultrouter="192.168.0.3" vnet="on" allow_raw_sockets="1" boot="on"
 
Last edited:

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Perhaps I'm going down the wrong path. I started a few more jails in the gui and then locked in the system logs (which is black console at bottom of gui) and found something similar to this:
Code:
Jan 16 23:20:19 freenas epair5a: Ethernet address: 02:a8:d0:00:0f:0a
Jan 16 23:20:19 freenas epair5b: Ethernet address: 02:a8:d0:00:10:0b
Jan 16 23:20:19 freenas kernel: epair5a: link state changed to UP
Jan 16 23:20:19 freenas kernel: epair5a: link state changed to UP
Jan 16 23:20:19 freenas kernel: epair5b: link state changed to UP
Jan 16 23:20:19 freenas kernel: epair5b: link state changed to UP
Jan 16 23:20:19 freenas kernel: epair5a: changing name to 'vnet0:7'
Jan 16 23:20:19 freenas kernel: epair5b: changing name to 'epair0b
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Discouraging since things would seem to be configured of. Ok -- did you use a plugin to install the plex jail? Have you tried creating another "scratch jail" or test jail from the jail interface?

Make sure you reboot to reset things. Can you post the iocage and ifconfig from the freenas host again?
 

Sean Cunningham

Dabbler
Joined
Jul 14, 2015
Messages
30
I haven't used the plugin, this one was attempted both from command line and from the jail GUI. I just created another test jail, same problem unfortunately.

Code:
root@Alexandria[~]# iocage get all plex
CONFIG_VERSION:14.1
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:0
available:readonly
basejail:no
boot:on
bpf:yes
children_max:0
cloned_release:11.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:192.168.10.1
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp:off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:plex
host_hostuuid:plex
host_time:yes
hostid:d15dfcdb-36ff-11ea-bb57-002590f3fcf2
hostid_strict_check:off
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vnet0|192.168.10.20/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs:off
jail_zfs_dataset:iocage/jails/plex/data
jail_zfs_mountpoint:none
last_started:2020-01-17 14:21:54
login_flags:-f root
mac_prefix:07ded9
maxproc:off
memorylocked:off
memoryuse:off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nmsgq:off
notes:none
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
priority:99
pseudoterminals:off
quota:none
release:11.2-RELEASE-p15
reservation:none
resolver:/etc/resolv.conf
rlimits:off
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse:off
vnet:on
vnet0_mac:07ded914fa09 07ded914fa0a
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:igb1
vnet_interfaces:none
wallclock:off


Code:
root@Alexandria[~]# ifconfig
igb0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:25:90:f3:fc:f2
        hwaddr 00:25:90:f3:fc:f2
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: no carrier
igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether 00:25:90:f3:fc:f3
        hwaddr 00:25:90:f3:fc:f3
        inet 192.168.10.5 netmask 0xffffff00 broadcast 192.168.10.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
igb2: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:25:90:f3:fc:f4
        hwaddr 00:25:90:f3:fc:f4
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: no carrier
igb3: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:25:90:f3:fc:f5
        hwaddr 00:25:90:f3:fc:f5
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:bf:40:0e:0c:00
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        member: vnet0:1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000
vnet0:1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: plex as nic: epair0b
        options=8<VLAN_MTU>
        ether 07:de:d9:14:fa:09
        hwaddr 02:e0:d0:00:07:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0:2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: testjail as nic: epair0b
        options=8<VLAN_MTU>
        ether 07:de:d9:83:ff:06
        hwaddr 02:e0:d0:00:08:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair


I moved the server to my home network just in case our corporate firewall was somehow at fault which is why the IPs are different now. Freenas is 192.168.10.5, gateway is 192.168.10.1, and plex is 192.168.10.20, with the test jail setup at 192.168.10.30.

EDIT: for kicks I used the plugin and created a plex server using DHCP and got the following error:
[EFAULT] Exception: RuntimeError: + Acquiring DHCP address: FAILED, address received: 0.0.0.0/8 Stopped plex due to DHCP failure occured, destroyed plex.

Then I created one using a static and got this:
[EFAULT] Exception: CallError:[EFAULT] pkg.cdn.trueos.org could not be reached via DNS, check your network occured, destroyed plex.
 
Last edited:

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Can you ping on jail from another?
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Honestly, its very frustrating for sure. I'm sure you've restarted the FreeNAS system a lot -- I find this clears out a lot of crud when I'm making a bunch of networking changes.

What version of FreeNAS are you using? I recently upgraded to 11.3 RC2 last night. I'm not sure that would solve all your problems since honestly it looks like you've configured things appropriately. You wouldn't happen to accessing the box wirelessly over a network or one with restricted policies?
 

Sean Cunningham

Dabbler
Joined
Jul 14, 2015
Messages
30
I'm using 11.2U7 - I'm a little hesitant about moving to something labeled "testers only" since this server does house some irreplaceable data. I do have a wireless network but the server is hardwired and I'm accessing it through a hardwired connection as well. And between the two networks I've tried I don't know of any restrictions in place.
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Perhaps you could try one of the other networking ports.
 

Kcaj

Contributor
Joined
Jan 2, 2020
Messages
100
Comparing your jail config to one of mine, the only difference is that I have Berkeley Packet Filter disabled, though I am not sure if it would make a difference.

I agree with KevDog to try a different network port. Out of curiosity, what hardware are you using? and are there any reported problems with such hardware and the configuration you are attempting?
 

Sean Cunningham

Dabbler
Joined
Jul 14, 2015
Messages
30
Thanks y'all - I'll whip up another ethernet port and see if that makes a difference. I've built this FreeNAS on a Supermicro 2U 12 bay X9DRI-LN4F+ which has 4 LAN ports, so I'll try another one. 6x 2TB SATA drives in RAIDZ2, basic USB stick for boot.
 

Sean Cunningham

Dabbler
Joined
Jul 14, 2015
Messages
30
And interestingly I've got another FreeNAS box on my work network, also running 11.2U7 and I was able to create a pingable jail no problem.
 

Sean Cunningham

Dabbler
Joined
Jul 14, 2015
Messages
30
Switched to igb0, same result.

Code:
root@Alexandria[~]# ifconfig
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether 00:25:90:f3:fc:f2
        hwaddr 00:25:90:f3:fc:f2
        inet 192.168.10.10 netmask 0xffffff00 broadcast 192.168.10.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
igb1: flags=8d02<BROADCAST,PROMISC,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether 00:25:90:f3:fc:f3
        hwaddr 00:25:90:f3:fc:f3
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
igb2: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:25:90:f3:fc:f4
        hwaddr 00:25:90:f3:fc:f4
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: no carrier
igb3: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:25:90:f3:fc:f5
        hwaddr 00:25:90:f3:fc:f5
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:bf:40:0e:0c:00
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0:3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000
vnet0:3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: plex as nic: epair0b
        options=8<VLAN_MTU>
        ether 07:de:d9:14:fa:09
        hwaddr 02:e0:d0:00:07:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair


Code:
root@plex:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 07:de:d9:14:fa:0a
        hwaddr 02:e0:d0:00:08:0b
        inet 192.168.10.11 netmask 0xffffff00 broadcast 192.168.10.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
 

Kcaj

Contributor
Joined
Jan 2, 2020
Messages
100
Maybe you could try a tcpdump on the bridge to see whats happening to the packets?

Otherwise maybe try a fresh install of FreeNAS
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
You ever get this figured out?
 
Top