Traffic of virtual NIC in Orange VLAN blocked

Hello,

In the Zone configuration I have three NICs configured: eth3 as native red, eth1 and eth2 as native green, and eth2 also as VLAN2 on orange.
eth2 is linked to a TP-LINK switch on which I configured the uplink port 1 as VLAN 1 + 2, port 2 as VLAN2 and port 3 as VLAN 1 + 2.
On port 2 I run a little server as a nextcloud system with ip 10.0.0.2. This works pretty well.

But when I run a TrueNAS server or Ubuntu server on port 3 and place a virtual machine or virtual NIC in it, I can ping it from green (10.0.0.3) but am not able to establish a stable connection between my green network on eth1 and the virtual NIC in the VM. I am able to establish a connection between the server on port 2 and the virtual NIC on port 3.
The physical NICs of the servers are in the 192.168.1.x range.

I observed DROP_CTINVALID entries in the IPFire log, so I guess it's a problem with conntrack here. Any idea about that?

All connection testing I have done with iperf3.
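As an added example (not part of the original thread or of IPFire), a small Python triage script for the DROP_CTINVALID lines mentioned above: it parses iptables-style LOG lines, groups the drops per flow and per zone, and ranks them so the flow that keeps failing stands out. The sample log lines are constructed, and the green0/orange0 interface names and the /24 zone sizes are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Zone subnets from the thread (192.168.1.x green, 10.0.0.x orange); /24 is an assumption.
ZONES = {"green": ip_network("192.168.1.0/24"), "orange": ip_network("10.0.0.0/24")}

# Constructed sample of IPFire firewall log lines (iptables LOG format, prefix = rule chain).
SAMPLE_LOG = [
    "Jan  1 12:00:01 ipfire kernel: DROP_CTINVALID IN=green0 OUT=orange0 SRC=192.168.1.20 DST=10.0.0.3 LEN=52 PROTO=TCP SPT=41234 DPT=5201 ACK",
    "Jan  1 12:00:01 ipfire kernel: DROP_CTINVALID IN=green0 OUT=orange0 SRC=192.168.1.20 DST=10.0.0.3 LEN=52 PROTO=TCP SPT=41234 DPT=5201 ACK",
    "Jan  1 12:00:02 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=55555 DPT=22 SYN",
    "Jan  1 12:00:03 ipfire kernel: DROP_CTINVALID IN=green0 OUT=orange0 SRC=192.168.1.20 DST=10.0.0.3 LEN=52 PROTO=TCP SPT=41234 DPT=5201 FIN ACK",
]

# Only the key=value fields we need; LEN=, WINDOW= and flag words are ignored.
FIELD = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")

def parse_ctinvalid(line):
    """Return the key=value fields of a DROP_CTINVALID line, or None for any other line."""
    if "DROP_CTINVALID" not in line:
        return None
    return dict(FIELD.findall(line))

def zone_of(addr):
    """Map an address to the firewall zone whose subnet contains it ('other' if none)."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "other")

def triage(lines):
    """Count invalid-state drops per (in-iface, src zone, src, dst zone, dst, proto, dport).

    conntrack marks a packet INVALID when it cannot match it to a tracked connection,
    which is what happens when only one direction of a flow crosses the firewall
    (asymmetric routing), so repeated hits on one flow point at the path to inspect."""
    flows = Counter()
    for line in lines:
        f = parse_ctinvalid(line)
        if f is None:
            continue
        flows[(f.get("IN", ""), zone_of(f["SRC"]), f["SRC"],
               zone_of(f["DST"]), f["DST"], f.get("PROTO", ""), f.get("DPT", ""))] += 1
    return flows

def report(lines):
    """Human-readable summary, busiest flow first."""
    return [f"{n:4d}x {k[0]:>8} {k[1]}:{k[2]} -> {k[3]}:{k[4]} {k[5]}/{k[6]}"
            for k, n in triage(lines).most_common()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Feed it real lines with `report(open("/var/log/messages").read().splitlines())` (path assumed) and compare the flow that dominates against the route each direction actually takes.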

Virtual NIC and VM.
Would you please expand a bit on the current network configuration of green, orange and physical/virtual? Hosts and guests, at least the subnets and addresses.


@pike_it , thanks for your reply. Here I give a short picture and some more information.
If I run iperf3 -s --bind-dev vlan2 on TrueNAS, I can connect with the iperf3 client on 10.0.0.2. But if I try to run the iperf3 client on 192.168.1.20, I do not get a response. But from 192.168.1.20 I can ping 10.0.0.3.

But I also have to say that I'm still new to network configuration.

Netwerk.pdf (132.1 KB)

Therefore.
I assume that Green adapter IPFire address is 192.168.1.1.
Red adapter address does not matter (unless it’s 192.168.1.x or 10.0.0.x)
Orange adapter address should be 10.0.0.1, and should be a VLAN connection (id2)

Am I correct?
This info is missing from your PDF, but thanks anyway for providing it.

Truenas host has 1 network adapter
Untagged vLAN 192.168.1.19
vlan tag ID2 10.0.0.2

But: Nextcloud has the same IP address (10.0.0.2)?
I'm borrowing this screen from ESXi, but as a matter of fact the same reasoning is behind any container or virtualization arrangement.
These are physical adapters.

These are virtual switches.

At least one virtual switch is needed to connect VMs/containers to physical adapters, and as with any subnet, addresses should not overlap. The physical network address must be different from any virtual adapter address on your host (for VMs or containers).

Also, if there's any "aqua" zone (usually used for the network between containers and the host), its subnet must not overlap with any existing one, and ipFire should know how to reach it (static route), while I guess the container management should help you to publish the address/hostname in some way…

Dear @pike_it, thanks for your answer. First of all, I made a mistake in my picture. The yellow one (vlan2 adapter on TrueNAS) has 10.0.0.3, so it does not conflict with the Nextcloud server.
Yes, and the Orange is 10.0.0.1 and green is 192.168.1.1 on ipfire.

What do you mean here? In the setup of IPFire one cannot assign a VLAN ID to an adapter. It is only possible to do it in the web interface, as shown in my picture.

TrueNAS doesn't have a VLAN adapter 192.168.1.19. It is the physical adapter that has this (enp1s0 in my picture). In the GUI of TrueNAS I have not found a way to create virtual switches. There are a lot of other adapters right out of the box not shown here, i.e.
3: kube-bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 36:65:75:8e:99:57 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/16 brd 172.16.255.255 scope global kube-bridge
valid_lft forever preferred_lft forever
4: kube-dummy-if: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 8a:0c:54:7a:94:f3 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.10/32 scope link kube-dummy-if
valid_lft forever preferred_lft forever
inet 172.17.0.1/32 scope link kube-dummy-if
valid_lft forever preferred_lft forever

These are not shown in the web interface. In the web interface it's also possible to create bridge devices.
So I am a bit confused and do not know where to go from here.