SOLVED Separating Jails with VLANs

Status
Not open for further replies.
kgmoney

kgmoney

Cadet
Joined
May 4, 2016
Messages
8
Hi,

I've come across a few similar questions, but I haven't seen a clear solutions so far...if I missed it, I apologize.

My FreeNAS box has one NIC and I've configured two VLANs on it [screenshots]. I would like to have the FreeNAS operating on VLAN2 (working) and a subset of my jails operating on VLAN5. The jails on VLAN5 should not be able to see anything on the network/internet unless my pfSense box has firewall rules specifically allowing it.

I'm stuck on how to put my jails on VLAN5 in such a way that they are isolated and routed only at the pfSense. I tried not use VIMAGE and was able to get them on VLAN5, but the FreeNAS was routing traffic between the two vlans. From what I've heard/read, I should be able to us VIMAGE jails and bridge them to VLAN5. I've played with the bridge settings in the jail config gui but so far nothing has worked.

Can anyone shed some light on how this should work/how to set it up?

Thanks,
Kevin
 

Attachments

  • Selection_002.png
    Selection_002.png
    15.3 KB · Views: 632
  • Selection_003.png
    Selection_003.png
    24 KB · Views: 430
D

dlavigne

Guest
If you happen to figure out the solution, please post it.
 
G

Googs

Cadet
Joined
May 22, 2016
Messages
5
dlavigne said:
If you happen to figure out the solution, please post it.
Click to expand...

In the same situation here too (except replace pfsense with the Sophos UTM and add lacp on the network side).

Any guidance on the above is very much appreciated
 
pirateghost

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
I will look into this tonight if I can find the time. I have been thinking about firing up a couple of jails on a different VLAN.
 
G

Googs

Cadet
Joined
May 22, 2016
Messages
5
Hi All,

Just wondering if anybody has had any luck, I am still trying but failing to get the jails to work in different vlans.
Cheers.
 
jgreco

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
You're better off working on this at the CLI level to see what's actually going on.

VLAN's are best viewed as "just ordinary interfaces" such as em0, em1, em2, etc., would be, except that the physical transport off the system is a single link. Your vlan configuration as posted seems reasonable.

FreeNAS does not route packets back and forth between vlans. The setting "net.inet.ip.forwarding" is zero. That's different than a jail being able to see both networks.

I haven't really played enough with jails on FreeNAS, but you ought to be able to bind either the bridge or VIMAGE to one of the vlan interfaces as needed to make it work as you seem to expect. All that extra complexicated networking scaffolding that was added around the jail mechanism in FreeNAS was supposed to handle that kind of stuff.
 
Status
Not open for further replies.

Similar threads

timpj5
  • Locked
Creating Jail makes network go nuts
Replies
7
Views
3K
pschatz100
P
A
Setting Jails to use trunked VLANS
Replies
1
Views
896
dlavigne
D
Junicast
TrueNAS 12 Beta1 networking issues bridge + vlan + bond
Replies
4
Views
2K
Junicast
Junicast
N
Network struggles with scale
Replies
16
Views
2K
nemesis1782
N
K
How to properly setup iocage jails using a VLAN
Replies
11
Views
3K
KevDog
K
Top