TrueNAS routing with multiple interfaces - Advanced nat or routing needed

simoncc

Cadet
Joined
Mar 16, 2022
Messages
1
Hi all,

This is my first installation of TrueNAS and I'm asking if anyone has an idea for an issue with multiple interface routing.

I have installed TrueNAS 12 on a VM with 3 network interfaces:

1 - 192.168.102.200/24 Main interface to be used only for web access, ssh access and managing
2 - 192.168.1.200/23 First NAS services interface ( NFS,SMB )
3 - 192.168.2.200/24 Second NAS services interface ( NFS,SMB )

These are all private but subnet-separated networks:

The only default gateway that I need is the one of the managing network (192.168.102.254), and I want all traffic to the managing network services (http, https, ssh) to be routed back to the gateway 192.168.102.254.

The problem is that if I try to access 192.168.102.200 from a device that is on the same subnet as the other interfaces, routing is not working and ssh or any service is not available.
This is normal routing behaviour but I was wondering if there are some plugins or optional tools in TrueNAS to manipulate routing precedence as in other professional NAS.

An example :

My laptop is in network 192.168.0.0/23 and I want to access the management GUI of my TrueNAS at https://192.168.102.200

At the moment this is not working, because my TrueNAS is answering the packets through interface number 2 and not using default gateway 192.168.102.200

Anyone with any idea?

Best Regards,

Simon
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
routing is not working

Actually routing IS working. It's just that the NAS has a directly-connected route, which is the best path.

There isn't a general solution to this problem, because the design you're hoping for makes assumptions about how networks work that aren't valid.

The following is a related discussion of why you won't really get this behaviour very easily.


if there are some plugins or optional tools in TrueNAS to manipulate routing precedence as in other professional NAS.

The only "professional NAS" I know of that do this differently in the way you're implying are the big SAN gear with the highly specialized and optimized IP stacks that are usually based on not-Linux and not-FreeBSD.

You can get the behaviour you're looking for by using something like:

ipfw add 1 pass ip from 192.168.102.200 to 192.168.102.0/24
ipfw add 2 fwd 192.168.102.254 ip from 192.168.102.200 to any

but this gets real stupid real fast as complexity increases and the performance tax strikes, and there is also the joyous impact of the law of unintended consequences.
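
Added example, not part of the original thread or of TrueNAS: a simplified Python model of destination-based route selection using the addresses from the first post, showing why the reply to a laptop in 192.168.0.0/23 leaves by the directly connected interface and how the two ipfw rules above change the next hop. The interface labels (`mgmt`, `nas1`, `nas2`) and the laptop address are assumptions made for illustration.

```python
import ipaddress as ip

# Addresses are from the original post; the interface labels are hypothetical.
INTERFACES = {"mgmt": "192.168.102.200/24",
              "nas1": "192.168.1.200/23",
              "nas2": "192.168.2.200/24"}
DEFAULT_GW = "192.168.102.254"

# Simplified model of the two ipfw rules in the reply: first match wins.
# (source address, destination network, forced next hop or None for "pass")
POLICY = [("192.168.102.200", "192.168.102.0/24", None),
          ("192.168.102.200", "0.0.0.0/0", "192.168.102.254")]


def route_table():
    """Connected routes for every interface plus the single default route."""
    table = [(ip.ip_interface(cidr).network, name, None)
             for name, cidr in INTERFACES.items()]
    table.append((ip.ip_network("0.0.0.0/0"), "mgmt", DEFAULT_GW))
    return table


def lookup(dst):
    """Longest-prefix match on the destination address only."""
    dst = ip.ip_address(dst)
    return max((r for r in route_table() if dst in r[0]),
               key=lambda r: r[0].prefixlen)


def reply_path(src, dst, policy=()):
    """Return (egress interface, next hop) for a reply sent from src to dst."""
    for rule_src, rule_dst, next_hop in policy:
        if src == rule_src and ip.ip_address(dst) in ip.ip_network(rule_dst):
            if next_hop is None:
                break                       # "pass": fall through to normal routing
            return lookup(next_hop)[1], next_hop
    _, iface, gateway = lookup(dst)
    return iface, gateway or dst            # connected route: deliver directly


def is_asymmetric(src, dst, policy=()):
    """True when the reply leaves by an interface that does not own src."""
    owner = next(n for n, c in INTERFACES.items()
                 if str(ip.ip_interface(c).ip) == src)
    return reply_path(src, dst, policy)[0] != owner


if __name__ == "__main__":
    laptop = "192.168.0.50"                 # constructed host in 192.168.0.0/23
    print(reply_path("192.168.102.200", laptop))            # default behaviour
    print(reply_path("192.168.102.200", laptop, POLICY))    # with the fwd rule
```

Traffic sourced from the NAS service addresses matches neither rule in the model, so it keeps using the connected routes.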
 

TheUsD

Contributor
Joined
May 17, 2013
Messages
116
To accomplish something similar, here are the steps I took.


Had three ESXi hosts that I wanted to reach one of my TrueNAS boxes via NAS.

Management subnet: 10.90.50.0/24
Storage (NAS) subnet 10.80.50.0/24

ESXi hosts:
10.90.50.11/24
10.90.50.12/24
10.90.50.13/24

TrueNAS:
em0 (Management) 10.90.50.33/24
ix0 (Storage) 10.80.50.11/24
Under System > General, I configured the 10.90.50.33 as my web interface IPv4 address as I only want TrueNAS's management to be accessed by this.

Static Routes in TrueNAS:
Destination: 0.0.0.0/0.0.0.0 Gateway: 10.90.50.1
Destination: 10.90.50.11/32 Gateway: 10.80.50.1
Destination: 10.90.50.12/32 Gateway: 10.80.50.1
Destination: 10.90.50.13/32 Gateway: 10.80.50.1

All ESXi hosts have the default route of: Default 0.0.0.0 10.90.50.1

For NFS, under Authorized Networks, I added each subnet that can gain access to the shares, i.e., server subnet, my management subnet and my storage subnet. I also specified Authorized Hosts and IP address of the ESXi hosts.

For SMB, I made no network related changes.

As far as my other devices on other subnets such as, Secure wifi, servers, and workstations being able to access 10.80.50.11/24, that's all in your firewall and the rules you specify to allow what source devices to reach specific services on the TrueNAS.

Everything works as intended.
 

djb

Explorer
Joined
Nov 15, 2019
Messages
76
Hello UsD, I have a TrueNAS with a second interface on a direct-attached 10Gb cable (no router/gateway), TrueNAS 192.168.4.1 and host 192.168.4.2, communicating OK.
Another TrueNAS box with the same configuration is not communicating through the secondary interface, but is working with the primary!
Any ideas?
 