I have been thinking a lot about networking this last week and I am wondering what the actual advantages are of VNET vs. aliases in a simple setup.
I have a home setup with items like Plex (media server), Nextcloud, backup, etc., and I'm not really seeing a major reason to do VNET. I'm not going to do network isolation, firewalling, filtering, etc. What am I missing?
I'm working on my next solution for A(core)D and ultimately I want to set up a "template system" for myself to allow for a quick way to get a jail spun up as simply as possible, but templates/recipes/etc. are really a separate topic/hurdle from the network setup, i.e. I'm not really interested in taking on any more complexity than necessary if I don't have to.
So, basically, what’s wrong with NIC aliases?
EDIT: This post was modified to include the CORE tag. I have removed it so no one thinks the code within can be run in CORE safely. Please do not run code in CORE.
At the end of the day, I really need to get better with networking, so I'll have to find a better resource for setting up VLANs. I've been playing around for the last few days, but I hate guessing.
So, in your case, you have major issues with updates and templates.
I have a hard time figuring out why one would actively want to avoid VNET.
Woo lah dee dah, four IP addresses included! Do you have any idea how hard I have to beg for the privilege of paying for additional addresses? A colleague tried to order a few when we were upgrading a link, and the ISP just said “nope” (I think the expression was “I’ll need to escalate that request”). Did I mention they burn a whole freaking /30 for every single connection they give us on the one pair of fibers? And it’s like five or six of them.
At least we did convince them to finally just let us directly access the 10GBase-LR rather than force some crap CPE down our throats.
@pmh Very professional. …*sheepishly* I have a Mini.
@ericloewe Because I've been playing with VNET for the last few days and I cannot get it to work. Everything looks "fine" and I'm currently in a config nightmare (where I've reconfigured so many times that I don't know what is and what isn't a good config), which is just not a good spot to be in. PF can go away and sysctl.conf can too. I'm honestly starting to think it's a hardware issue. But my thought was: what is wrong with aliases; why am I fighting this battle for almost no gain? My problems will be jail updates and whatnot, not network issues (these jails are LAN only).
4 usable IP addresses included. The rest of that /29 unfortunately goes to necessary infrastructure:
one address for the default gateway
one address for the NAT64 jail
You get a /64 of course, so you can have 4 dual stack jails and as many IPv6 jails with NAT64 and an SNI proxy for web applications as the server can reasonably hold.
More IPv4 available if paid for.
I’ll go native jail.conf and get something typed up for demonstration. It would be really nice if someone else could test my method because I’ve tried everything.
This is a “new” server. I bought a used Lenovo mini (or tiny) pc to play on while I figure out my next moves.
But you said something that has me thinking (after I type this, I'm going to find my laptop and log into my "server" to check). You said the IP of the NAS goes to the bridge. I was assigning the IP of the router to the bridge (i.e. 192.168.0.1). Did you just fix my problem!!??
Either the bridge for the jails is on a dedicated port, in which case the NAS does not need an IP address on that port at all (VNET jails all run their own IP like a VM would), or the jails share the single port with the NAS itself. In that case the NAS IP address must be on the bridge, not on the physical interface.
The jails are then bridged to your LAN like VMs would be in the most simple of setups.
Once you are familiar with that of course you can get fancy. E.g. have an isolated bridge with no physical port at all and have the host be the default gateway for all the jails. And an additional isolated bridge to connect the jails with each other, because one runs the database server and all the others various applications. Etc. etc.
Knowing how jails work in plain FreeBSD with jail.conf will not help you with TrueNAS, where you must use the iocage jail manager. You are aware of that?
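To make the "shared port" case above concrete, here is an added example of the plain-FreeBSD layout it describes: the host's own address lives on the bridge, the physical NIC is only a bridge member, and each VNET jail gets one side of an epair plugged into that bridge. This is not code from the thread or from any of its participants; the interface names (em0, bridge0, epair0), addresses (host 192.168.0.10/24, gateway 192.168.0.1, jail 192.168.0.20/24), the jail root under /usr/local/jails and the devfs ruleset number are all assumptions you would replace with your own.

```shell
#!/bin/sh
# Added example: one VNET jail bridged to the LAN over a single shared NIC.
# Assumed names/addresses (change to match your box):
NIC="${NIC:-em0}"                   # physical LAN port
BRIDGE="${BRIDGE:-bridge0}"         # bridge the jails plug into
HOST_IP="${HOST_IP:-192.168.0.10/24}"   # the NAS/host address, on the bridge
GATEWAY="${GATEWAY:-192.168.0.1}"   # the LAN router, NOT an address of this host

# rc.conf fragment: the address goes on the bridge; the NIC is only "up"
# and a member of the bridge. Putting the router's IP here is wrong: the
# bridge must carry this host's own address.
gen_rc_conf() {
    cat <<EOF
cloned_interfaces="${BRIDGE}"
ifconfig_${NIC}="up"
ifconfig_${BRIDGE}="inet ${HOST_IP} addm ${NIC} up"
defaultrouter="${GATEWAY}"
EOF
}

# jail.conf fragment for one VNET jail. Arguments: jail name, epair number,
# jail address with prefix length. The a-side of the epair joins the bridge on
# the host; vnet.interface moves the b-side into the jail, which then sets its
# own address and default route exactly as a VM on that LAN would.
gen_jail_conf() {
    name="$1"; n="$2"; ip="$3"
    cat <<EOF
${name} {
    path = "/usr/local/jails/${name}";   # assumed jail root
    host.hostname = "${name}";
    vnet;
    vnet.interface = "epair${n}b";
    exec.prestart = "ifconfig epair${n} create; ifconfig epair${n}a up; ifconfig ${BRIDGE} addm epair${n}a";
    exec.start = "ifconfig epair${n}b inet ${ip} up; route add default ${GATEWAY}; /bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "ifconfig epair${n}a destroy";
    exec.clean;
    mount.devfs;
    devfs_ruleset = 5;   # assumed: devfsrules_jail_vnet from /etc/defaults/devfs.rules
}
EOF
}

# Live cut-over on a running host (run from the console, not over SSH: the
# address disappears from the NIC for a moment and the session will drop).
apply_live() {
    ifconfig "$BRIDGE" create
    ifconfig "$BRIDGE" addm "$NIC" up
    ifconfig "$NIC" inet "${HOST_IP%/*}" -alias
    ifconfig "$BRIDGE" inet "$HOST_IP"
    route -n change default "$GATEWAY" || route -n add default "$GATEWAY"
}

case "${1:-}" in
    rc)    gen_rc_conf ;;
    jail)  gen_jail_conf "${2:-plex}" "${3:-0}" "${4:-192.168.0.20/24}" ;;
    apply) apply_live ;;
esac
```

Usage: `sh bridge-jail.sh rc` and `sh bridge-jail.sh jail plex 0 192.168.0.20/24` print the two fragments to paste into /etc/rc.conf and /etc/jail.conf; `sh bridge-jail.sh apply` performs the one-time cut-over on a live system. After `service jail start plex`, `ifconfig bridge0` on the host should list both em0 and epair0a as members and carry the host address, while `jexec plex ifconfig epair0b` shows the jail's address. The isolated-bridge variants mentioned above differ only in that the bridge has no physical member and the host's address on it becomes the jails' default gateway.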
Correct. I do. My current plan is to keep my TrueNAS as an NFS server (since it is showing its age) and purchase a few of these tiny (or mini, or whatever they're called) PCs to act as servers for my different jails running stock FreeBSD, e.g. I can have one for media, one for development, another for the kids, etc.
I ran the commands and assigned the IP of the machine to the bridge and it didn’t work. However! I was typing fast and most likely messed it up (I wanted to reply to you before I had to jump into a meeting for work). I will do it again and post an ifconfig later.