Cannot ping TrueNAS Host from within Incus VM

My TrueNAS host (10.0.0.253), which is on Fangtooth, is running a Debian VM (10.0.0.240), which has a webserver, is exposed to my DMZ, and acts as a proxy to various other things, including my Docker Apps running on the TrueNAS.

Under EE, this setup worked fine. Under FT, I can’t ping or reach my host from inside the VM, meaning I’m unable to proxy to my own apps anymore.

root@www:~# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.692 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.610 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.671 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2011ms
rtt min/avg/max/mdev = 0.610/0.657/0.692/0.034 ms
root@www:~# ping 10.0.0.23
PING 10.0.0.23 (10.0.0.23) 56(84) bytes of data.
64 bytes from 10.0.0.23: icmp_seq=1 ttl=64 time=0.662 ms
64 bytes from 10.0.0.23: icmp_seq=2 ttl=64 time=0.564 ms
64 bytes from 10.0.0.23: icmp_seq=3 ttl=64 time=0.866 ms
^C
--- 10.0.0.23 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.564/0.697/0.866/0.125 ms
root@www:~# ping 10.0.0.253
PING 10.0.0.253 (10.0.0.253) 56(84) bytes of data.
From 10.0.0.240 icmp_seq=1 Destination Host Unreachable
From 10.0.0.240 icmp_seq=2 Destination Host Unreachable
From 10.0.0.240 icmp_seq=3 Destination Host Unreachable
^C
--- 10.0.0.253 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4091ms
pipe 4
root@www:~# 

The VM is set up using a MACVLAN adapter to bridge to my network. Is there a way to allow the Instance to reach the host, so I can proxy my apps again?

VM, not container, right?
Why Macvlan?
Bridge?

Correct, it’s a VM, not a container, using MACVLAN Bridge so it can have its own IP, and I can put the VM in the DMZ on my router.

What’s weird is I can ping anything else on my network except the host TrueNAS itself.

This is a screenshot of the network settings inside the VM, if it helps:

You’ll need to create the bridge in TrueNAS (it sounds like you may have done this already) and then attach it to the VM as a bridged NIC, not a MACVLAN. See step 5 in Creating a Virtual Machine here: https://www.truenas.com/docs/scale/25.04/scaletutorials/instances/#creating-a-virtual-machine.

2 Likes

That did the trick, thank you!

For some reason, the language on the Bridged NIC made it sound like it would not be on the same network as the TrueNAS itself.

The server is up and running, and can proxy to the Docker apps now - thank you, SO much!

2 Likes

I’d like to add something to this topic (and explicitly made a user only to do so) since it was one of the first I found when trying to solve this problem myself. I did not, however, want to make a bridged NIC for this purpose, as I have one physical interface and was worried about making a misstep and losing the connection to my NAS.

What I did instead is the following workaround:

For the explanation, let’s say my home network looks like this:

Network 192.168.2.0/24
Router 192.168.2.1
NAS 192.168.2.20
VM 192.168.2.21

The workaround:

  1. Add a route in the VM to 192.168.2.20/32 via 192.168.2.1
  2. Add a route in TrueNAS to 192.168.2.21/32 via 192.168.2.1

Now the two devices will explicitly talk to each other via the router and can communicate. Downside: The packets go to the router, get routed, and travel back, wasting bandwidth.

Personally, in my situation, this was an acceptable workaround for what my VM does.
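
The two host routes from the workaround above, as an added example that is not part of the original post. It prints the `ip route` command for each side and checks from `ip route get` output that the peer is reached via the router. The addresses are the sample ones from the post; the interface name `enp5s0`, the sample output lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; addresses are the sample network from the post above.
ROUTER=192.168.2.1
NAS=192.168.2.20
VM=192.168.2.21

# Print the command that pins one peer behind the router.
# "replace" is idempotent: re-running it does not fail if the route exists.
pin_cmd() {  # pin_cmd PEER GATEWAY
    printf 'ip route replace %s/32 via %s\n' "$1" "$2"
}

# Extract the next hop from one line of `ip route get` output.
# A directly reachable (on-link) destination has no "via" token.
next_hop() {  # next_hop "LINE"
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = via ]; then echo "$2"; return 0; fi
        shift
    done
    echo on-link
}

# check PEER GATEWAY [LINE]: succeed only if PEER is reached via GATEWAY.
# Without LINE it queries the live routing table of the machine it runs on.
check() {
    line=${3:-$(ip route get "$1" 2>/dev/null | head -n 1)}
    [ "$(next_hop "$line")" = "$2" ]
}

# Constructed `ip route get 192.168.2.20` lines as seen from the VM
# (enp5s0 is a placeholder interface name).
BEFORE="192.168.2.20 dev enp5s0 src 192.168.2.21 uid 0"
AFTER="192.168.2.20 via 192.168.2.1 dev enp5s0 src 192.168.2.21 uid 0"

echo "# run on the VM:";  pin_cmd "$NAS" "$ROUTER"
echo "# run on TrueNAS:"; pin_cmd "$VM" "$ROUTER"
echo "before workaround: $(next_hop "$BEFORE")"
echo "after workaround:  $(next_hop "$AFTER")"
```

Routes added with `ip route` do not survive a reboot, so make them permanent through each system's own network configuration once `check "$NAS" "$ROUTER"` succeeds on the VM.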