No forwarding from second NIC to first NIC on FreeNAS11.2

vox_dio (Cadet, joined Dec 14, 2012, messages: 5)
I have FreeNAS-11.2-U2.1, up-to-date.
I have 2 NICs installed on the box, one towards the Provider switch, the second connected directly to the Apple TV. I have enabled IP forwarding on the FreeNAS, but the AppleTV cannot reach the internet thru the FreeNAS box.

Setup is Internet - {Virgin hub GW 192.168.0.1/24} ---- {192.168.0.115/24 on re0 FreeNAS, second NIC on in as re1 192.168.111/24} ----- AppleTV 192.168.1.222/24
Cannot figure out what is wrong here; pasting:
--- ifconfig logs (re1 is currently disconnected, this is why it is showing "no carrier") ------
root@freenas:~ # ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 64:70:02:00:42:2d
hwaddr 64:70:02:00:42:2d
inet 192.168.0.115 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.77 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::6670:2ff:fe00:422d%re0 prefixlen 64 scopeid 0x1
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether bc:5f:f4:5a:d6:e8
hwaddr bc:5f:f4:5a:d6:e8
inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect (none)
status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo

--- routing table ------
root@freenas:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS re0
127.0.0.1 link#3 UH lo0
192.168.0.0/24 link#1 U re0
192.168.0.77 link#1 UHS lo0
192.168.0.115 link#1 UHS lo0
192.168.1.0/24 link#2 U re1
192.168.1.111 link#2 UHS lo0
--- ping from re0 interface is working (the one directly connected to the Provider hub) -----
root@freenas:~ # ping -S 192.168.0.115 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.0.115: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=122 time=12.648 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=9.200 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=16.550 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.200/12.799/16.550/3.003 ms
--- ping from re0 interface on the FreeNAS box connected to the Apple TV is not being routed to the Internet ----
root@freenas:~ # ping -S 192.168.1.111 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.1.111: 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
18 packets transmitted, 0 packets received, 100.0% packet loss
--- forwarding is enabled: ----
root@freenas:~ # sysctl -a | grep forwarding
net.inet.ip.forwarding: 1
net.inet6.ip6.forwarding: 0

Any ideas what might be wrong with this forwarding?

thanks
 

jgreco (Resident Grinch, joined May 29, 2011, messages: 18,680)
Does your router know how to reach 192.168.1.0/24?
 

vox_dio (Cadet, joined Dec 14, 2012, messages: 5)
I don't have an option for static routes on the Virgin box. Isn't re0 doing NAT when re1 is trying to reach to the internet?
 

jgreco (Resident Grinch, joined May 29, 2011, messages: 18,680)
> I don't have an option for static routes on the Virgin box. Isn't re0 doing NAT when re1 is trying to reach to the internet?

Why would anything be doing NAT other than the "Virgin box"? NAT is an insanely bad thing in most networks and causes no end of brokenness. The only reason it really exists is because there was a lot of resistance to go to IPv6. Putting two interfaces on two different networks does not automatically create some sort of NAT instance, sorry. Your FreeNAS box will not NAT for you, plus you should not try to make it, because it is likely to break random things.

If your Virgin box is too stupid to be able to handle a static route, that's going to be a problem. You can't have an additional network if it doesn't know how to get there. Why is it that you want to construct your network like this, anyways?
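
The return-path problem described in the replies above, as an added example that is not part of the original thread: a longest-prefix-match lookup run over the FreeNAS routes from the first post and over an assumed routing table for the upstream hub. The hub table and the interface names `lan` and `wan` are assumptions made for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (next_hop, interface) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])

# FreeNAS routes, taken from the netstat -rn output in the first post.
FREENAS = [
    ("0.0.0.0/0", "192.168.0.1", "re0"),
    ("192.168.0.0/24", "link", "re0"),
    ("192.168.1.0/24", "link", "re1"),
]

# ASSUMED table for the upstream hub: its own LAN plus a default route out
# of the WAN port ("lan", "wan" and "isp-gateway" are hypothetical names).
HUB = [
    ("0.0.0.0/0", "isp-gateway", "wan"),
    ("192.168.0.0/24", "link", "lan"),
]

# The static route the hub would need to learn about the second network.
HUB_WITH_ROUTE = HUB + [("192.168.1.0/24", "192.168.0.115", "lan")]

def round_trip(src, dst, hub_table):
    """Return (forward hop on FreeNAS, return hop on hub, reply_reaches_lan)."""
    out = lookup(FREENAS, dst)    # request leaving the FreeNAS box
    back = lookup(hub_table, src) # reply addressed to src, arriving at the hub
    return out, back, back is not None and back[1] == "lan"

if __name__ == "__main__":
    cases = [
        ("192.168.0.115", HUB, "re0 address, hub as-is"),
        ("192.168.1.111", HUB, "re1 address, hub as-is"),
        ("192.168.1.222", HUB, "AppleTV, hub as-is"),
        ("192.168.1.222", HUB_WITH_ROUTE, "AppleTV, hub with static route"),
    ]
    for src, table, label in cases:
        out, back, ok = round_trip(src, "8.8.8.8", table)
        print(f"{label}: out via {out}, reply via {back}, returns={ok}")
```
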
 

vox_dio (Cadet, joined Dec 14, 2012, messages: 5)
I don't have enough ports on the Virgin Media box switch, but I have a free port on the FreeNAS - this is the only reason. Also I have a VLC on the AppleTV which is playing movies from the FreeNAS ...
I thought that since the jails on the FreeNAS are de-facto using NAT to go thru the interfaces to the internet, it shall be the same setup for the second NIC.
 

jgreco (Resident Grinch, joined May 29, 2011, messages: 18,680)
> I don't have enough ports on the Virgin Media box switch, but I have free port on the FreeNAS - this is the only reason. Also I have a VLC on the AppleTV which is playing movies from the FreeNAS ...
> I thought that since the jails on the FreeNAS are de-facto using NAT to go thru the interfaces to the internet, it shall be the same setup for the second NIC.

Jails on FreeNAS are not necessarily using NAT, and the entire jail system is a big fat layer that sits on top of the base system to do value-add.

At a fundamental level, the system is trivially capable of doing any number of clever, dumb, odd, etc., networking stunts and there's no reason it couldn't be made to do it, but the problem you're going to run into is that the middleware is only designed to implement the things that it is expecting, which definitely does NOT include configuring internetwork NAT. That's why I originally said

> Your FreeNAS box will not NAT for you, plus you should not try to make it, because it is likely to break random things.

Your best option is to go out and get a switch. Today's pricing on a cheap gigabit switch is $13.92 and it's probably the best fix.

The purchase-free option that might cause you headaches in the future is to configure a bridge between the two ports.

https://www.ixsystems.com/community...-without-10gb-switch.25259/page-2#post-161363
 