NAT Jail onto a secondary NIC?

LennySh

LennySh

Cadet
Joined
Apr 13, 2020
Messages
4
Hi all,

So I've figured out how to put jails onto a different VLAN (or second NIC) using VNET (with or without DHCP), and this works great! But now, I have a need to use NAT, but not on the primary NIC. I'd like to use NAT on a secondary NIC (it's on a different VLAN). I've tried setting the NAT interface under advanced jail properties, but I get an error message:

Code:
nat_interface can only be changed for defaults!


Has anyone been able to do this successfully? I mean, I can continue creating them on the other VLAN using VNET, but NAT would make more sense (to keep from using so many IP addresses).

Thoughts?
 
TomWaller

TomWaller

Dabbler
Joined
Aug 15, 2013
Messages
24
LennySh said:
Hi all,

So I've figured out how to put jails onto a different VLAN (or second NIC) using VNET (with or without DHCP), and this works great! But now, I have a need to use NAT, but not on the primary NIC. I'd like to use NAT on a secondary NIC (it's on a different VLAN). I've tried setting the NAT interface under advanced jail properties, but I get an error message:

Code:
nat_interface can only be changed for defaults!


Has anyone been able to do this successfully? I mean, I can continue creating them on the other VLAN using VNET, but NAT would make more sense (to keep from using so many IP addresses).

Thoughts?
Click to expand...
Sorry to revive an old thread - but did you ever get this working? I'm trying to do the same thing and hitting the same walls.
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
NAT by definition uses the host's network stack. So you have no control over the interface - essentially there is none. It's just the host's link, routing table, etc. at work.

If you want control over the interface a jail uses, you must use VNET and bridging. Which works really well, even if the setup might be a bit unintuitive and not well documented.
 
TomWaller

TomWaller

Dabbler
Joined
Aug 15, 2013
Messages
24
Patrick M. Hausen said:
NAT by definition uses the host's network stack. So you have no control over the interface - essentially there is none. It's just the host's link, routing table, etc. at work.

If you want control over the interface a jail uses, you must use VNET and bridging. Which works really well, even if the setup might be a bit unintuitive and not well documented.
Click to expand...
Thanks for getting back to me :)

Sure, the VNET and bridging works fine so far. The issue I have is I want to be able to host my jails on the same IP address, instead of getting either DHCP addresses or seperate static addresses. I was hoping NAT may allow me to do that, but it doesn't appear so, or I'm doing something very wrong.
 
TomWaller

TomWaller

Dabbler
Joined
Aug 15, 2013
Messages
24
TomWaller said:
Thanks for getting back to me :)

Sure, the VNET and bridging works fine so far. The issue I have is I want to be able to host my jails on the same IP address, instead of getting either DHCP addresses or seperate static addresses. I was hoping NAT may allow me to do that, but it doesn't appear so, or I'm doing something very wrong.
Click to expand...
Oh - I should probably mention this is a seperate IP, on a seperate VLAN, not the management IP.
 
DrZombi

DrZombi

Dabbler
Joined
Feb 4, 2019
Messages
15
Hi all,

I have the exact same problem except that the root needs are not the same. For me, I've just put on a script to export my jail regularly as a backup, but each time the cron runs, I receive an error stating that NAT interface is not defined and thus igb0 will be used.
It works, but I don't want to receive this annoying email each morning and I don't want to disable the stderr going to an email since it can be useful in case of a real error happening.

So I wanted to configure a NAT interface in the jail but whatever I enter in the field never works. I keep getting this :

Error.jpg


And since I'm not very familiar with FreeBSD and its networking, I'm a bit lost because official documentation does not give any example of what this field acceptable values.

Can someone help me please ?
 
Patrick M. Hausen

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
I generally recommend not to use NAT for jails. If you use VNET and bridging you are free to assign your jail to the interface you prefer.
 
DrZombi

DrZombi

Dabbler
Joined
Feb 4, 2019
Messages
15
Patrick M. Hausen said:
I generally recommend not to use NAT for jails. If you use VNET and bridging you are free to assign your jail to the interface you prefer.
Click to expand...
Hi Patrick,

This is why I precised that I'm not familiar with FreeBSD and networking but thanks for your answer, I'll have a look in this direction :)
 
You must log in or register to reply here.

Similar threads

S
TrueNAS network is ok, but Jail VNET + DHCP fails
Replies
3
Views
3K
CROWN ME
C
I
  • Locked
Jail NAT Port Forward
Replies
17
Views
19K
Jailer
Jailer
STREBLO
Networking issues with secondary NIC
Replies
0
Views
1K
STREBLO
STREBLO
eseelke
Jail NAT Hostname
Replies
2
Views
960
eseelke
eseelke
hunter
Help Making VNET IPV4 Address of a jail Static
Replies
3
Views
1K
Yorick
Yorick
Top