Placing WebGUI on separate network with its own default route

[Paul D.]

Is it possible to place the WebGUI on its own interface that is on a seperate network and thus has its own default gateway? My example would be I have a 1G interface and a 10G interface; I want all management functions placed on the 1G network while leaving CIFS/NFS/iSCSI on the 10G (with routing support).

 

[SweetAndLow]

Most of the services can bind to a specific IP. So yes I think you can dedicate an IP to access data and all others for the web ui. I don't think you can force the webui into a specific network though.

 

[solarisguy]

I was thinking that if those two networks are separate (i.e. no routing from one to another) you should be able to pull it off. Just bind Web UI and CIFS to different interfaces.

 

[DrKK]

Just out of intellectual curiosity, I have a tough time envisioning a scenario where what you are proposing is something someone is likely to want to do with a home FreeNAS. What is your vision? I think either you can enlighten us, or, we can help you stop doing it wrong.

 

[Paul D.]

This isn't a home network, this is a campus network. My vision is for my workgroup to be able to access my CIFS/NFS shares without exposing the management interface via the 10G. The mgt (1G) would be on a secure network that is accessible only to trusted networks and has outbound access to both the campus and internet. The reason for two gateways is because the trusted networks are scattered about, include many subnets and the trusted networks should be able to access the CIFS/NFS shares.

 

[solarisguy]

Do you have other servers that are dual-homed? Does it work?

If yes to the above, then I think your question here is whether FreeNAS would route packets between the interfaces. I do not know the answer. (It also depends on routing design of your networks.)

 

[Paul D.]

I'm not looking for FreeNAS to be a router. I just need it to know which default route to use. In Linux, this would be source routing where I could define routes on a per interface basis. If a packet arrived on eth0, it would go back out eth0 and to eth0's default gateway if needed. Solaris can do something similar with PF and I know FreeBSD can do this as well using FIB but I read that requires a kernel recompile.

 

[depasseg]

I would be more concerned with the possibility of the webgui being bound and available on the 10G IP address as well as the 1G network. Just change the System->General->WebGUI IP Address to the specific address (i.e. the 1G interface address).

 

[master-richie]

Been there, done that ... https://forums.freenas.org/index.ph...s-multi-jails-freenas-routing-question.39047/ - checkout the link to my tutorial on FreeBSD.org

the terms you should research is FIB, setfib

FreeBSD has the capability for multiple routing tables by enabling them in loader.conf. I initially wanted to do that with my FreeNAS 9.3 box and after much research and finally success on a FreeBSD 9.3 devel server I have, I decided changing my file server from FreeNAS to pure FreeBSD and installing Samba is the best solution for me.

The way it was explained to me is FreeNAS is only designed to use one routing table, ergo 1 default route that is used by the whole system. I'm sure you could setup multiple routes on FreeNAS using the same procedure I provided here but I'm not interested in being the first to figure it out, I don't have the time for more experimenting / testing

ideally, in your scenario (like mine), you would run Samba in its own jail using it's own routing table / subnet and use the host for mgmt operations - make sure to checkout ezails or warden too, makes jail admin much easier

 

[master-richie]

... and I know FreeBSD can do this as well using FIB but I read that requires a kernel recompile.

FreeBSD v9.2(?) and up does not require a kernel compile to set multiple routing tables, it's just not enabled by default