SOLVED Network connection from jail, with FreeNAS inside VM?

Status
Not open for further replies.
Joined
Dec 2, 2015
Messages
730
I'm testing FreeNAS in a VirtualBox VM, while I impatiently wait to get all the hardware I need to build my NAS (the first motherboard was defective - the replacement should ship on Monday).

I'm trying to set up ownCloud in a jail, so I'll have a head start on getting it configured once I have the real NAS running. I can update FreeNAS from inside the VM, so I know that networking is working at that level. I can ssh to the jail from outside the VM, and I can ping other IPs on my home LAN from inside the jail. But, I cannot ping external IPs, nor can I ping google.com. I've edited /etc/resolv.conf in the jail to have "nameserver 8.8.8.8" and "nameserver 8.8.4.4". The Network settings in VirtualBox are set to Bridged, with Promiscuous Mode to Allow All.

I have a hazy recollection of seeing a similar problem, and solution, on the forum a while ago, but my searches now are coming up dry. What am I missing?

Thanks,

Kevin
 

Bidule0hm

Server Electronics Sorcerer
Joined
Aug 5, 2013
Messages
3,710
Have you tried to disable VIMAGE (in the jail settings in the web GUI)?
 
Joined
Dec 2, 2015
Messages
730
I checked the jail settings in the GUI, and I see that VIMAGE is checked. But, I cannot uncheck it, even logged in as root, using either Safari or Chrome. I tried restarting FreeNAS, but I still cannot uncheck VIMAGE, in either browser :(
 

Bidule0hm

Server Electronics Sorcerer
Joined
Aug 5, 2013
Messages
3,710
Tried to stop the jail before doing that?
 
Joined
Dec 2, 2015
Messages
730
I tried stopping the jail. I tried rebooting FreeNAS. I tried setting the jail to not autostart, then rebooting FreeNAS. No matter what I do, I cannot uncheck VIMAGE in the GUI for that jail, when logged in as root.

I haven't touched any permissions at all. Should I need to fiddle with permissions to change the VIMAGE setting?
 

Bidule0hm

Server Electronics Sorcerer
Joined
Aug 5, 2013
Messages
3,710
No, you should be able to just uncheck it. I don't know what's going on; wait for another answer :)
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
You're running VirtualBox. Go get a copy of Wireshark (assuming you're running a PC) or tcpdump (assuming most anything else) and actually look to see what's happening on the wire between your host and your NAT gateway ("router"). One of the awesome things about virtualization is that you can jam yourself in there to inspect what's actually going on.
 
Joined
Dec 2, 2015
Messages
730
> You're running VirtualBox. Go get a copy of Wireshark (assuming you're running a PC) or tcpdump (assuming most anything else) and actually look to see what's happening on the wire between your host and your NAT gateway ("router"). One of the awesome things about virtualization is that you can jam yourself in there to inspect what's actually going on.

Thanks for the advice.

I'm running OS X, which has tcpdump 4.7.3 installed by Apple. I'll hit the man page and Google to figure out how to sniff this traffic.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
"tcpdump icmp" comes to mind as the quick way to monitor for ping, which is probably what you want to use for early stage testing.
 
Joined
Dec 2, 2015
Messages
730
> "tcpdump icmp" comes to mind as the quick way to monitor for ping, which is probably what you want to use for early stage testing.

tcpdump icmp seems to be telling me that my jail can transmit, but no one replies.

The FreeNAS static IP is 192.168.0.201
The jail dynamic IP is 192.168.0.16

If I am ssh'd into FreeNAS, but outside the jail, ping works, and tcpdump icmp shows:

Code:
% sudo tcpdump icmp
Password:
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Packet Tap), capture size 262144 bytes
17:53:04.360105 IP 192.168.0.201 > 192.168.0.1: ICMP echo request, id 35892, seq 0, length 64
17:53:04.361633 IP 192.168.0.1 > 192.168.0.201: ICMP echo reply, id 35892, seq 0, length 64
17:53:05.362169 IP 192.168.0.201 > 192.168.0.1: ICMP echo request, id 35892, seq 1, length 64
17:53:05.379305 IP 192.168.0.1 > 192.168.0.201: ICMP echo reply, id 35892, seq 1, length 64
17:53:06.364108 IP 192.168.0.201 > 192.168.0.1: ICMP echo request, id 35892, seq 2, length 64
17:53:06.365860 IP 192.168.0.1 > 192.168.0.201: ICMP echo reply, id 35892, seq 2, length 64


==============
If I ping from inside the jail, I see the ping in tcpdump, but there is no response:

tcpdump output:
Code:
17:55:31.818058 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 0, length 64
17:55:32.819458 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 1, length 64
17:55:33.821310 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 2, length 64
17:55:34.822911 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 3, length 64
17:55:35.825136 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 4, length 64


What screwed up settings could produce this result?
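
One way to read the captures above mechanically, as an added example that is not part of the original posts: the awk filter below pairs each ICMP echo request in `tcpdump icmp` text output with its reply by id and seq, and counts what went unanswered per source. The function names are hypothetical; the sample lines are copied from the two captures in the post above.

```shell
#!/bin/sh
# Added example: pair ICMP echo requests with replies in `tcpdump icmp` output.

# Reads tcpdump text lines on stdin and prints, per source/destination pair:
#   <src> -> <dst> sent=N unanswered=M
unanswered_pings() {
    awk '
    /ICMP echo (request|reply),/ {
        src = $3; dst = $5; sub(/:$/, "", dst)   # strip the colon after the destination
        id = ""; seq = ""
        for (i = 6; i < NF; i++) {
            if ($i == "id")  { id  = $(i + 1); sub(/,$/, "", id) }
            if ($i == "seq") { seq = $(i + 1); sub(/,$/, "", seq) }
        }
        if ($8 == "request,") {
            flow = src " -> " dst
            sent[flow]++; miss[flow]++
            pending[src, dst, id, seq] = 1
        } else if ((dst, src, id, seq) in pending) {
            # A reply travels dst -> src, so look it up with the pair reversed.
            delete pending[dst, src, id, seq]
            miss[dst " -> " src]--
        }
    }
    END {
        for (f in sent) printf "%s sent=%d unanswered=%d\n", f, sent[f], miss[f]
    }' | LC_ALL=C sort
}

# Sample input: lines copied from the two captures in the post above.
sample_capture() {
    cat <<'EOF'
17:53:04.360105 IP 192.168.0.201 > 192.168.0.1: ICMP echo request, id 35892, seq 0, length 64
17:53:04.361633 IP 192.168.0.1 > 192.168.0.201: ICMP echo reply, id 35892, seq 0, length 64
17:53:05.362169 IP 192.168.0.201 > 192.168.0.1: ICMP echo request, id 35892, seq 1, length 64
17:53:05.379305 IP 192.168.0.1 > 192.168.0.201: ICMP echo reply, id 35892, seq 1, length 64
17:53:06.364108 IP 192.168.0.201 > 192.168.0.1: ICMP echo request, id 35892, seq 2, length 64
17:53:06.365860 IP 192.168.0.1 > 192.168.0.201: ICMP echo reply, id 35892, seq 2, length 64
17:55:31.818058 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 0, length 64
17:55:32.819458 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 1, length 64
17:55:33.821310 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 2, length 64
17:55:34.822911 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 3, length 64
17:55:35.825136 IP 192.168.0.16 > 192.168.0.1: ICMP echo request, id 51508, seq 4, length 64
EOF
}

sample_capture | unanswered_pings
```

On a live capture the same filter can be fed from `sudo tcpdump -l icmp`, where `-l` makes tcpdump line-buffer its output; the summary is printed when the capture is stopped.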
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Turn off the firewall on OS X. It'll probably magically start to work.
 
Joined
Dec 2, 2015
Messages
730
> Turn off the firewall on OS X. It'll probably magically start to work.

The firewall on the Mac laptop running the VM is off.

I can ping the IP of the Mac running the VM, but I can't ping anything outside this Mac.

I think that tells me that the problem is not in FreeNAS. It might be in VirtualBox, or it might be something in the network settings on this Mac.

I'm in the midst of setting up FreeNAS in another VirtualBox VM, on my main Mac. I've set FreeNAS in this new instance to use DHCP, in case that makes a difference. I'll report back after I've got it running and have tested it.
 
Joined
Dec 2, 2015
Messages
730
> I'm in the midst of setting up FreeNAS in another VirtualBox VM, on my main Mac. I've set FreeNAS in this new instance to use DHCP, in case that makes a difference. I'll report back after I've got it running and have tested it.

Things work correctly from this second FreeNAS, in VirtualBox, on my main Mac - i.e. my test jail can ping the outside world. I'll study the differences between this instance and the problematic one.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Seems likely you'll figure it out. It really is just a matter of stepping through all the possibilities, and with a working example, you've got a guide. :smile:
 
Joined
Dec 2, 2015
Messages
730
This is interesting. On my laptop, if I'm using WiFi to provide the network connection, I have no connectivity to the outside world from a jail, with FreeNAS running in VirtualBox. I can connect from FreeNAS, but not when in the jail. The adapter in VirtualBox is set to "Bridged" - I haven't succeeded in getting any connectivity at all if I choose one of the other options (although maybe I simply don't know how to configure the FreeNAS network to work with other options).

If I plug in an Ethernet cable, and change the network adapter in VirtualBox to use it, then I have connectivity from the jail.

I'll search for VirtualBox bug reports to see if there is a workaround, as I hope to play around with FreeNAS jails on my laptop while on the road next week.
 
Joined
Dec 2, 2015
Messages
730
I checked the manual, and learned that there are significant differences between how VirtualBox does bridged networking, depending on whether it is using a wired or wireless network.

> Bridging to a wireless interface is done differently from bridging to a wired interface, because most wireless adapters do not support promiscuous mode. All traffic has to use the MAC address of the host's wireless adapter, and therefore VirtualBox needs to replace the source MAC address in the Ethernet header of an outgoing packet to make sure the reply will be sent to the host interface. When VirtualBox sees an incoming packet with a destination IP address that belongs to one of the virtual machine adapters it replaces the destination MAC address in the Ethernet header with the VM adapter's MAC address and passes it on. VirtualBox examines ARP and DHCP packets in order to learn the IP addresses of virtual machines.

I'll stop beating my head against the wall, and just use Ethernet for my testing.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
Happy to hear you found a resolution. See, I wouldn't have thought about that since all our production networks are wired. :smile:
 
Joined
Dec 2, 2015
Messages
730
I tried VMware Fusion, and it seems to have the same issue.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,681
> I tried VMware Fusion, and it seems to have the same issue.

Yes, for the same reasons. Bridged is not going to work well for that. You could probably botch up some sort of proxy-ARP botchery to make it "work," but it'd be fragile as a result.
 