SOLVED Jails networking help

Turgin

SOLVED: Enabling promiscuous mode and forged transmits on the ESXi portgroup (it took both settings) does allow the jail to have network access. I know there are caveats to these settings but in a home environment I think I'll be fine. I would caution anyone reading this in the future to fully understand what those options do and the inherent security implications of doing so.

I'm trying to follow the resource here to set up a Plex jail and having a terrible time getting the network uhh networking. I'm entirely sure that the problem is my configuration or something I've overlooked but after banging my head against this for several hours now I decided to ask for help.

Specs are a Supermicro X9SRL-F with 128GB DDR3-1866 ECC RAM and an E5-2690v2 CPU running ESXi 6.5. I boot from a 100GB Intel 710 SSD attached to the chipset SATA controller. Local datastore is a 1.2TB FusionIO ioDrive2. No storage mounted from the FreeNAS 11.2-U3 VM which has 2 vCPU, 16GB RAM, and I passthru the 4 SATA ports on the motherboard SCU for 2 x 4TB reds in a mirrored pool. Jails pool is, for now, a vmdk on the ioDrive2 presented to FreeNAS. I will add mirrored 300GB S3500s for a proper jails pool if I get all of this working to my satisfaction. I do use vmxnet3 for the virtual NIC and also use a distributed vSwitch if that matters. Network switch is a Cisco 3560G.

Symptoms are that I can ping the jail from the FreeNAS cli and vice versa but can't ping the gateway (or anything else obviously) from inside the jail. I have searched and read pretty much every thread I can find from the past year or so regarding jail networking and have tried all the recommended tunables even though I don't think the most recent version requires them which seems evident from the ifconfig output below:
Code:
vmx0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=200099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,RXCSUM_IPV6>
        ether 00:50:56:87:66:84
        hwaddr 00:50:56:87:66:84
        inet 192.168.40.41 netmask 0xffffff00 broadcast 192.168.40.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo

bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:4d:ba:9b:dc:00
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0:12 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 2000
        member: vmx0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 2000
vnet0:12: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: plex as nic: epair0b
        options=8<VLAN_MTU>
        ether 00:50:56:14:fa:09
        hwaddr 02:81:d0:00:06:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair

And from inside the jail:
Code:
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:50:56:14:fa:0a
        hwaddr 02:81:d0:00:07:0b
        inet 192.168.40.61 netmask 0xffffff00 broadcast 192.168.40.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair

I'm all out of ideas so I would very much appreciate some new ones. TIA!

nojohnny101

So you're not running on bare metal?
 

Turgin

Enabling promiscuous mode and forged transmits (it took both settings) does allow the jail to have network access. I know there are caveats to these settings but in a home environment I think I'll be fine. I would caution anyone reading this in the future to fully understand what those options do and the inherent security implications of doing so.
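
Why both settings mattered can be read off the ifconfig output posted in this thread. The following is an added example, not part of the original posts: it parses that output (trimmed and embedded as sample input) and lists the jail-side MAC addresses that differ from the MAC of the vmx0 vNIC. The function names are illustrative.

```python
import re

# Constructed sample input: trimmed from the ifconfig output posted in this thread.
HOST_IFCONFIG = """\
vmx0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:50:56:87:66:84
        inet 192.168.40.41 netmask 0xffffff00 broadcast 192.168.40.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:4d:ba:9b:dc:00
        member: vnet0:12 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vmx0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
vnet0:12: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:50:56:14:fa:09
"""
JAIL_IFCONFIG = """\
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:50:56:14:fa:0a
        inet 192.168.40.61 netmask 0xffffff00 broadcast 192.168.40.255
"""

def parse_ifconfig(text):
    """Return {ifname: {"ether": mac or None, "members": [bridge members]}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            cur = ifaces.setdefault(head.group(1), {"ether": None, "members": []})
        elif cur is not None:
            m = re.match(r"\s+ether\s+([0-9a-f:]{17})", line)
            if m:
                cur["ether"] = m.group(1)
            m = re.match(r"\s+member:\s+(\S+)", line)
            if m:
                cur["members"].append(m.group(1))
    return ifaces

def foreign_source_macs(host_text, jail_text, uplink="vmx0"):
    """Return (vNIC MAC, {jail ifname: MAC}) for jail MACs that differ from the
    uplink vNIC's MAC. Frames from these leave through the uplink with a source
    MAC the hypervisor did not assign to that vNIC."""
    host = parse_ifconfig(host_text)
    vnic_mac = host[uplink]["ether"]
    if not any(uplink in i["members"] for i in host.values()):
        return vnic_mac, {}  # uplink is not bridged, so no jail MAC is exposed
    jail = parse_ifconfig(jail_text)
    return vnic_mac, {name: i["ether"] for name, i in jail.items()
                      if i["ether"] and i["ether"] != vnic_mac}
```

On the posted output this reports epair0b (00:50:56:14:fa:0a) behind a vNIC whose MAC is 00:50:56:87:66:84. Forged transmits governs the outbound frames carrying that source MAC, and promiscuous mode governs delivery of inbound frames addressed to it.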
 