When having multiple interface with different service bind to each, network traffic is not behaving as expected

TrueNAS General
1

Here is my setup. Client network: 10.0.0.0/24. Management network: 10.0.10.0/24.
TrueNAS has 2 interfaces that each connect to an individual network. The GUI is bound to the 10.0.10.5 IP. And SMB/NFS is bound to the 10.0.0.5 IP.
Scenario 1:
Device with IP 10.0.0.2 on the client network connects to SMB via 10.0.0.5. Connection work.
Scenario 2:
Device with IP 10.0.0.2 on the client network connects GUI via 10.0.10.5. Connection work.
Scenario 3:
Device with IP 10.0.10.10 from the management network connects GUI via 10.0.10.5. Connection work.
Scenario 4:
Device with IP 10.0.10.10 from the management network connects SMB via 10.0.0.5. Connection time out.

It seems that if a device is on the same network as any of the TrueNAS interfaces and tries to connect to a service that is on a different network on TrueNAS, the traffic will NOT return correctly. (The responding packets are sent out from the interface that is on the same network as the client device instead of the interface where the request comes in originally.)

How do I fix this?

2

Well you can be a lot clearer about how you have things set up.

Subnet Masks for instance would be very helpful.
Are these physical networks, or virtual networks

etc

4

I would think /24 would state it’s 255.255.255.0.
The network can be physical or virtual, depending on which section you are looking at.

5

How are gateway and DNS set?

6

Sorry - for some reason I didn’t see the /24

I woiuld still need a lot more info.
Can you do a network diagram please

Will also need the gateways on the TN device AND the remote devices. Are you using the TN as the default gateway for all devices as it looks to me that the 10.0.10.10 does not have a route to 10.0.0.0/24 and probably has a gateway elsewhere

7

TN gateway is 10.0.10.1
The network is a straightforward router-on-a-stick setup. I can’t upload on this account, so you will have to imagine it.

8

There is a little exercise you can follow to be able to post pictures here. Unfortunately I don’t know what it is. Maybe someone else who knows can post it so the OP can follow it and post a picture

9

Just FYI, there everything else on the network is working fine. Even ping in Scenario 4 would work. Just not any other traffic.

10

Also, if I delete the client network interface on TN and unbind all services, SMB would work. This also can confirm the networking side outside of the TN is working properly.

11

Summon Beetlejuice the friendly forum bot:

@TrueNAS-Bot start tutorial
12

2
2819×695 34.3 KB

13

And what is the router?
Is it a plain router, or a firewall as well?

14

it’s a firewall. but irrelevant to the issue. Just think it has all-all policy in place without any other control.

15

What is the default gateway for the TN box?
I assume 10.0.0.x/24?

Ignore my previous note - it was rubbish - potentially

16

That is correct behavior for the network stack. If the destination IP is on a network that is directly attached to the host then the traffic is routed out via that interface. Various anti-spoofing features will see the traffic as not coming in from the network it should and block it.

I am not sure if there is a simple fix for this behavior.

1 Like
18

Thats what I was trying to say - but got it all screwed up.

:grinning: