I have two questions regarding the thread title, and I have looked through the forum but did not find the clarity I'm hoping for. My goal is to use a second NIC in my FreeNAS host solely for some jails for external access (web server, music server, etc.) and to isolate the NIC for use by just those jails.
(1) What is the precise config needed for the externally accessible jails so that they use this other NIC (em1)? Can it be set from the GUI alone? And can these jails still utilize DHCP? Note per the attached diagram (upper right corner) that em0 physically connects into subnet/DHCP 1, while em1 (for these external jails) physically connects into subnet/DHCP 2.
(2) Is the concept of isolating the NIC (em1) from the host a valid one, and is there any configuration needed/recommended to that end? Or is this an artificial idea concocted in my mind with no practical security value (i.e., ensuring em1 is clearly disabled from the host's perspective)? I ask because on a Windows box where I was formerly running VMs using VirtualBox, I had disabled all protocols in the Windows host networking for perceived security value, since only VMs needed the NIC. Again, I'm uncertain if there is any value in what I'm trying to describe. I realize the host still has the NIC installed via the host driver, so perhaps there is no true security value in worrying about what protocols/services are bound to the NIC in the host OS?