VM (debian) can't access host share (Music)

[NinthWave]

I have a VM hosting a music server (AssetUPnP).

It was initially setup in the same subnet as the host. Everything worked fine then.

Today, I moved the VM in another subnet (VLAN10) using this procedure https://www.truenas.com/community/threads/how-to-modify-network-properties-for-vm.98279/post-678130

I can access the server at it's new adress 10.0.10.6 but the server itself does not have acces to the music share.

Code:

root@truenas[~]# ifconfig
bce0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
        ether 84:2b:2b:51:53:8a
        inet 10.0.0.6 netmask 0xffffff00 broadcast 10.0.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
bce1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
        ether 84:2b:2b:51:53:8c
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
        groups: pflog
vlan20: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Impression
        options=80000<LINKSTATE>
        ether 84:2b:2b:51:53:8c
        groups: vlan
        vlan: 20 vlanpcp: 0 parent interface: bce1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
vlan10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: IOT
        options=80000<LINKSTATE>
        ether 84:2b:2b:51:53:8c
        groups: vlan
        vlan: 10 vlanpcp: 0 parent interface: bce1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
vlan40: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Surveillance
        options=80000<LINKSTATE>
        ether 84:2b:2b:51:53:8c
        groups: vlan
        vlan: 40 vlanpcp: 0 parent interface: bce1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
bridge20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:22:41:d2:9a:14
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 12 priority 128 path cost 2000
        member: vlan20 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
bridge10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:22:41:d2:9a:0a
        inet 10.0.10.2 netmask 0xffffff00 broadcast 10.0.10.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 13 priority 128 path cost 2000
        member: vnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 2000000
        member: vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
bridge40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:22:41:d2:9a:28
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vlan40 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
vnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether fe:a0:98:68:1b:99
        hwaddr 58:9c:fc:10:08:26
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=1<PERFORMNUD>
        Opened by PID 1623
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: cups as nic: epair0b
        options=8<VLAN_MTU>
        ether 86:2b:2b:bd:67:e5
        hwaddr 02:c5:dc:b8:8c:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=1<PERFORMNUD>
vnet0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: embyserver as nic: epair0b
        options=8<VLAN_MTU>
        ether 86:2b:2b:c0:af:79
        hwaddr 02:58:9f:95:a9:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=1<PERFORMNUD>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:22:41:d2:9a:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 15 priority 128 path cost 2000
        member: bce0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=1<PERFORMNUD>
vnet0.3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: seafile as nic: epair0b
        options=8<VLAN_MTU>
        ether 86:2b:2b:3b:01:7e
        hwaddr 02:00:36:40:e2:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=1<PERFORMNUD>

What am I doing wrong ?

 

[NinthWave]

I have Emby-Server hosted in a jail on the same VLAN10.
I have not setup any share for Emby but set ACL to 989 as per instructions for Emby-Server.

When I try to mount for Asset GUI, I get this:

Code:

root@debian10:/home/nick# mount -t nfs 10.0.0.6:/mnt/Bassin/Media/Musique /mnt
mount.nfs: Connection timed out
root@debian10:/home/nick# ping 10.0.0.6
PING 10.0.0.6 (10.0.0.6) 56(84) bytes of data.

The reason I moved the VM to a VLAN is to segregate the host from IOT. Is it possible I can't mount because I have a firewall rule block trafic from 10.0.10.0/24 to 10.0.0.0/24 and the share cannot be manage internally from a VM like it does with a jail?

[EDIT 16:30 EST]
I added a firewall rule to allow trafic from the VM (10.0.10.6) to the Host (10.0.0.6) and Asset is now scanning the files. But this seems conterproductive. I removed an IOT server from management subnet and had to allow traffic back to it...

I am pretty sure I am not the only one to segment his network this way so there surely is something I don't grab with my limited networking knowledge.

[EDIT 16:45]
The library scan has ended: 0 tracks, 0 albums..

 

[NinthWave]

@Patrick M. Hausen ,
Since you helped me so much to setup the VLAN for my jails, I wonder if you would step in for the VM as well.

The reason I moved the VM to a VLAN is to segregate the host from IOT. Is it possible I can't mount because I have a firewall rule block trafic from 10.0.10.0/24 to 10.0.0.0/24 and the share cannot be manage internally from a VM like it does with a jail?

[EDIT 16:30 EST]
I added a firewall rule to allow trafic from the VM (10.0.10.6) to the Host (10.0.0.6) and Asset is now scanning the files. But this seems conterproductive. I removed an IOT server from management subnet and had to allow traffic back to it...

I am pretty sure I am not the only one to segment his network this way so there surely is something I don't grab with my limited networking knowledge.

[EDIT 16:45]
The library scan has ended: 0 tracks, 0 albums..

I read this: https://www.truenas.com/docs/scale/virtualization/accessingnasfromvm/

That's what I'd like to achieve... access my NAS from Ubuntu through a Unix socket and not through the LAN which is counterproductive?

From this https://www.truenas.com/community/threads/truenas-12-0-stable-set-up-vlans.89280/post-665963, I was successful in creating a jail in VLAN10 (IOT).

Is another bridge required for the VM in VLAN10 ?

 

[Patrick M. Hausen]

You cannot access a Unix socket on the NAS from inside a VM. You will always have to use a file sharing protocol like SMB ot NFS with VMs. You can access a Unix socket from a jail. But jails are only available on TN CORE which is FreeBSD based, not on TN SCALE which is Linux based. Linux does not have jails.

I am not quite sure what you are trying to achieve. You are referencing the TN SCALE documentation. Again, if you are running CORE, the SCALE documentation does not apply - these are two completely different products.

 

[NinthWave]

I am not quite sure what you are trying to achieve. You are referencing the TN SCALE documentation. Again, if you are running CORE, the SCALE documentation does not apply - these are two completely different products.

I did not realise SCALE was on Linux.
When going trough TrueNAS doc for VM, I had partial information from TN11..3-U5 and for TN Core 12 it's even shorter. I googled something that brought me to TN Scale.

I have media share on the host at 10.0.0.6
I want to run some music server in an Ubuntu VM in VLAN10(IOT) at let's say 10.0.10.6
My media server (dbPoweramp Assetupnp-server) does not run on FreeBSD... any OS but BSD .

So my goal is to install Asset in the Ubuntu VM but be able to access the music files on the host

 

[Patrick M. Hausen]

You need to use NFS or SMB.

 

[NinthWave]

You need to use NFS or SMB.

Did you have a peek at my post #1 and #2? I have NFS. When the VM was in the same VLAN as the host, it worked for a year. As soon as I moved the VM to the VLAN10, the VM could not read the files.

AL

 

[Patrick M. Hausen]

You can assign an IP address in the same LAN as the VM to the bridge interface of your TN host and use that to access the share.

 

[NinthWave]

You can assign an IP address in the same LAN as the VM to the bridge interface of your TN host and use that to access the share.

Code:

bridge10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:22:41:d2:9a:0a
        inet 10.0.10.2 netmask 0xffffff00 broadcast 10.0.10.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 13 priority 128 path cost 2000
        member: vnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 2000000
        member: vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 20000

The bridge already got an IP address in the same VLAN as the host

So I should replace the actual NFS config Authorized Hosts and IP addresses

From it's curent value of 10.0.10.6 (VM) to 10.0.10.2 (the Bridge10) ?

 

[Patrick M. Hausen]

So I should replace the actual NFS config Authorized Hosts and IP addresses

From it's curent value of 10.0.10.6 (VM) to 10.0.10.2 (the Bridge10) ?

So the VM is 10.0.10.6? And the host has got an IP address assigned to that very bridge interface the VM is connected to, with address 10.0.10.2?

Then in the share permissions you need to permit access to the VM - 10.0.10.6.
And in the VM you need to use 10.0.10.2 as the server address for your mount.

 

[NinthWave]

So the VM is 10.0.10.6? And the host has got an IP address assigned to that very bridge interface the VM is connected to, with address 10.0.10.2?

Then in the share permissions you need to permit access to the VM - 10.0.10.6.
And in the VM you need to use 10.0.10.2 as the server address for your mount.

That was exacly how it was configured with no success

When I moved the VM from native VLAN to VLAN10, I changed the Authorized Hosts and IP addresses from it's previous IP to it's new vlan10 IP and the /mnt/Music was nver populated.

I reinstalled the VM,

 

[NinthWave]

So, another strange behavior presented itself after moving the VM in a VLAN instead of the host subnet:

When I initially installed my AssetUPnP-server (in host subnet), it seemed to come with it's own flavor of vnet and got an IP in the host subnet (as expected). The host was at 10.0.0.2, the VM at 10.0.0.6 while the Asset server was at 10.0.0.8

Now that I have set the VM in VLAN10, the VM is at 10.0.10.6 (static from pfSense) but the AssetServer is at 172.17.0.1. I have no subnet or vlan in this range.

Now I don't know if it's the TrueNAS VM scope for help but I have no clue where to investigate this.

Code:

nick@ubuntu:~/Asset-Install/Asset-R7.3-Linux-x64-registered$ ./INSTALL.sh
=== Asset UPnP installer ===
Installing version:
R7.3
Updating crontab...
Starting Asset...
Configuration page:
http://172.17.0.1:45537
Finished.
Asset installed in: /home/nick/bin/AssetUPnP

Code:

nick@ubuntu:~/Asset-Install/Asset-R7.3-Linux-x64-registered$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:a0:98:71:bd:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.6/24 brd 10.0.10.255 scope global dynamic enp0s3
       valid_lft 5327sec preferred_lft 5327sec
    inet6 fe80::2a0:98ff:fe71:bd72/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:c2:7d:de:21 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Code:

#!/bin/sh

echo "=== Asset UPnP installer ==="

if [ "$(uname)" = "Darwin" ]; then
    PROFILE="$HOME/Library/dBpoweramp"
else
    PROFILE="$HOME/.dBpoweramp"
fi

CONFIGLINK="$PROFILE/AssetConfigLink.txt"

mkdir -p ~/bin || exit 1

TARGET=~/bin/AssetUPnP
RUNME=$TARGET/AssetUPnP

echo "Installing version:"
cat bin/Versions/Asset-UPnP.txt

if [ -f "$RUNME" ]; then
    echo "Upgrading from:"
    cat "$TARGET/Versions/Asset-UPnP.txt"

    "$RUNME" --shutdown
fi

rm -f /tmp/AssetReg.bin

if [ -f "$TARGET/AssetReg.bin" ] && ! [ -f bin/AssetReg.bin ]; then
    mv "$TARGET/AssetReg.bin" /tmp/AssetReg.bin
fi

rm -rf "$TARGET" || exit 1
cp -r ./bin "$TARGET" || exit 1

if [ -f /tmp/AssetReg.bin ] && ! [ -f "$TARGET/AssetReg.bin" ]; then
    mv /tmp/AssetReg.bin "$TARGET/AssetReg.bin"
fi


CRONTAB=/tmp/asset-crontab.txt

echo "Updating crontab..."
# NOTE some distros fail with "no crontab for user"
# ignore errors, just write a blank crontab.txt if so
crontab -l 2>/dev/null | fgrep -v "$TARGET" > "$CRONTAB"
echo @reboot "$RUNME" >> "$CRONTAB"
crontab "$CRONTAB"
rm -f "$CRONTAB"

rm -f "$CONFIGLINK"

echo "Starting Asset..."

"$RUNME" 2>/dev/null >/dev/null &

while ! [ -f "$CONFIGLINK" ]
do
    sleep 1
done

echo "Configuration page:"
cat "$CONFIGLINK"
echo

echo "Finished."
echo "Asset installed in: $TARGET"

 

[NinthWave]

CONFIGLINK="$PROFILE/AssetConfigLink.txt"

I checked this file and it showed http://10.0.10.6:45537 despite the installation success message refering to 172.17.0.1:45537

I typed that link in my browser and it worked. But I am still confused.

 

[NinthWave]

SLOW | HANGS UP

I don't know if it's:

• changing from Debian10 to Ubuntu 20 LTS or
• changing the VM from host subnet to VLAN10 subnet

But the system is quite slow. both the SSH console and the Asset Web interface hang for many seconds.

 

[NinthWave]

So the VM is 10.0.10.6? And the host has got an IP address assigned to that very bridge interface the VM is connected to, with address 10.0.10.2?

Then in the share permissions you need to permit access to the VM - 10.0.10.6.
And in the VM you need to use 10.0.10.2 as the server address for your mount.

NFS share from server on host to client on VM in diffenrent subnet always hangs the VM for several seconds to minutes.
It did for the VM (debian10) set last year
I created a new VM (Ubuntu 20 LTS)
I created a new VM (debian 11).

If the VM is in same subnet as the data itself (the host), everything works fine
As soon as the VM is moved to a VLAN, any command in the VM shell requires a lot of time,.
A TOP in the VM shows no heavy load nor the dashboard of the host.
Firewall rules for VM to HOST are set to "Allow all"

Any idea what can be causing that?

 

[Patrick M. Hausen]

Do a packet trace on the firewall/router sitting inbetween ...

 

[NinthWave]

Do a packet trace on the firewall/router sitting inbetween ...

10.0.10.6 is the client (VM)
10.0.0.6 is the host where the data is

I went to the mount directory
I started the capture
Did an ls
Stopped the capture as soon as the prompt came back

Code:

13:26:36.388182 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:26:41.501604 ARP, Request who-has 10.0.10.1 tell 10.0.10.6, length 46
13:26:41.501643 ARP, Reply 10.0.10.1 is-at de:9e:10:ae:26:2c, length 28
13:27:16.512958 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 281
13:27:16.532848 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 333
13:27:16.554274 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 361
13:27:16.575081 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 345
13:27:16.595913 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 347
13:27:16.615608 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 287
13:27:16.637341 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 281
13:27:16.657515 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 333
13:27:16.678923 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 361
13:27:16.699675 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 345
13:27:16.720617 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 347
13:27:16.740874 IP 10.0.10.6.44524 > 239.255.255.250.1900: UDP, length 287
13:27:50.098633 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:50.099598 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:50.109447 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:50.110812 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:50.110916 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:50.111076 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:50.112073 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:50.112154 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:50.112232 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:50.112295 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:50.113158 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:50.113496 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0


[...] Message is limited at 30000 characters [...]


13:27:51.324589 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 0
13:27:51.505785 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:51.921978 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:52.754000 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:54.417324 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108
13:27:57.780477 IP 10.0.10.6.763 > 10.0.0.6.2049: tcp 108

 

[Patrick M. Hausen]

Where are all the replies from the server? Do you have some weird asymmetric routing issue, perhaps?

 

[NinthWave]

Where are all the replies from the server? Do you have some weird asymmetric routing issue, perhaps?

I read on pfSense community forum some topics about that.

That is probably the problem but I have some jails in the same VLAN that does not seem affected. Only the VM. How can I know if the problem is on the pfSense side or the TrueNAS side? Is there some TrueNAS config screenshot I could provide to validate that?

Note
I did not drop the ball on this but got COVID saturday and spent a few days on "idle" sleeping.

 

[Patrick M. Hausen]

To packet traces with tcpdump on all interfaces of your pfSense that might be involved here and watch what happens ...