plugin jail = unreachable, existing bridge?

[RNC]

Hi guys, going by your wiki guide for setting up jail and plugins, I seem to have arrived at what I think may be a catch 22 in setting this up.


Background/Hardware
FreeNAS-8.3.0-RELEASE-p1-x64
Supermicro board with dual intel NICs, bridged (in process of upgrading to a new NAS and have the old connected to the new for moving stuff)
2Wire 3600HGV router from ATT
Jail version FreeNAS-8.3.0-RELEASE-x64.Plugins_Jail.pbi

So following the guide, I set up the jail with an ip of 192.168.1.253, 255.255.255.0 for the netmask, which is the IP range my router is serving DHCP from. 192.168.1.253 is not in use by another device. I have my router's IP (192.168.1.254) defined as the default gateway in the global config, but no DNS servers (not getting that far).

From inside the jail after setting/starting the jail up...

Code:

jls
   JID  IP Address      Hostname                      Path
     2  -               plugins                       /mnt/media/jail/plugins
[root@NAS] /mnt/media# jexec 2 csh
plugins# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:cb:52:00:0f:0b
        inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::cb:52ff:fe00:f0b%epair0b prefixlen 64 scopeid 0x2
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
plugins# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 192.168.1.254 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss

from outside the jail...

Code:

[root@NAS] /mnt/media# ifconfig -a
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:25:90:c2:86:60
        inet 192.168.1.69 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:25:90:c2:86:61
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:10:7d:6d:0b:00
        inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 20000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 200000
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:10:7d:6d:0b:01
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 14 priority 128 path cost 2000
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:cb:52:00:0e:0a
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active

netstat from outside...

Code:

[root@NAS] /mnt/media# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/8          link#6             U           0        0    em1 =>
default            192.168.1.254      UGS         0      347    em0
127.0.0.1          link#11            UH          0    53605    lo0
192.168.1.0/24     link#5             U           0   162740    em0
192.168.1.6        link#12            UHS         0        0    lo0
192.168.1.69       link#5             UHS         0       81    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#11                       UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::%lo0/64                     link#11                       U           lo0
fe80::1%lo0                       link#11                       UHS         lo0
ff01::%lo0/32                     fe80::1%lo0                   U           lo0
ff02::%lo0/32                     fe80::1%lo0                   U           lo0

I see the second bridge was created, bridge1, but I don't see the router connected primary NIC as a member, am I likely correct in assuming this is the problem?

I saw in another thread someone suggesting adding the MAC of the virtual NIC into the router under the DHCP assignments, so as to rule out the router being the problem, but if that's the case I have a bit of a catch 22 since this router will only accept new MACs as DHCP, from which you can then assign a static address via the DHCP table. I tried setting the virtual NIC in the jail to DHCP but I got a error about BPF not existing so I suppose that's not possible without BPF?

 

[RNC]

update: the secondary bridge was the problem, just don't know how. I pulled the connection to the second NIC and deleted the existing bridge, and everything worked without any further tinkering after reinstalling the jail.

sooo, bug report about jail not working with an existing ethernet bridge in place?

 

[William Grzybowski]

Network bridge is not support by FreeNAS. If you have configured it by your own you're also on your own on the bugs it will cause. This is one of them.

 

[RNC]

Network bridge is not support by FreeNAS. If you have configured it by your own you're also on your own on the bugs it will cause. This is one of them.

Gotcha.

I suppose I could manually adjust the bridge settings just as I manually created the bridge, but no need since it was just for temporary copying of data from the old bridge via smbget.

Thanks for the reply!