TrueNAS Dedicated Management Interface

Hello,
I have TrueNAS 12.0 configured with multiple NICs, each going to separate VLANs on my switch. I’d like to configure a dedicated management interface, but cannot get it working reliably. All my internet searching keeps bringing up results for IPMI which is not applicable. Here are the details:

em0: 192.168.11.11/24 Management
em1: 192.168.12.1/24 iSCSI
em2: 192.168.0.5/24 SMB
Default gateway: 192.168.11.1
No static routes

I have the services (General > Web ui, iSCSI, SSH, SMB) each bound to the correct IPs. Layer 3 for the VLANs and rules are all handled by pfSense and work fine.

Now for the issue: My workstation is IP 192.168.0.120. I can connect to the SMB shares fine with no issues. However, when I try to access the management interface, it works for a few seconds then the connection drops. I’m thinking it has something to do with my workstation being on 192.168.0.0/24, and since there is already an interface on that subnet, TrueNAS is sending reply traffic out 192.168.0.5 instead of 192.168.11.11? But then why would some traffic pass before it drops? Maybe TrueNAS is “load balancing” between routes? It’s like I need to get TrueNAS to understand this:
source 192.168.11.11 dest any via 192.168.11.1
source 192.168.0.5 dest any via 192.168.0.1

If I remove the configuration from em2 interface, I can access management fine with no drops, but obviously SMB becomes broken.

Any ideas?

Google vlan 0 …

Probably best to switch to 10 and higher for your vlan subnets.

This is a bit of a workaround, but actually in this case I would approach this problem by using “hairpin NAT” or “NAT Loopback” in the router, if it has sufficient flexibility to allow it. MikroTik RouterOS, pfSense, and OPNsense can do this. You would create a rule like:
Source: 192.168.0.0/24 (or can choose the source interface)
Destination: 192.168.11.11
Action: Source NAT
Source IP: 192.168.11.1

Now all packets going through the router from 192.168.0.0/24 to the management IP will have their source changed to 192.168.11.1. This resolves the routing issue that TrueNAS is having, but means that in your TrueNAS logs you won’t know what IP someone was logging in from - anything in 192.168.0.0/24 would show as 192.168.11.1.

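An added example (not part of the original posts, and not TrueNAS or pfSense code): it models plain destination-based route lookup with the interface addresses from the question, and reports which interface a reply leaves on with and without the source NAT rule described above. It assumes a request enters on the interface that owns the address it was sent to; the function names are illustrative.

```python
import ipaddress

# Interface addresses and default gateway exactly as listed in the question.
INTERFACES = {
    "em0": ipaddress.ip_interface("192.168.11.11/24"),  # Management
    "em1": ipaddress.ip_interface("192.168.12.1/24"),   # iSCSI
    "em2": ipaddress.ip_interface("192.168.0.5/24"),    # SMB
}
DEFAULT_GATEWAY = ipaddress.ip_address("192.168.11.1")


def egress_interface(dst):
    """Destination-based lookup: longest connected prefix, else the default route."""
    dst = ipaddress.ip_address(dst)
    matches = [(iface.network.prefixlen, name)
               for name, iface in INTERFACES.items() if dst in iface.network]
    if matches:
        return max(matches)[1]
    # No connected route: leave via the interface whose subnet holds the gateway.
    for name, iface in INTERFACES.items():
        if DEFAULT_GATEWAY in iface.network:
            return name
    raise LookupError("no route to %s" % dst)


def ingress_interface(service_ip):
    """Assumption: a request arrives on the interface owning the destination IP."""
    service_ip = ipaddress.ip_address(service_ip)
    for name, iface in INTERFACES.items():
        if iface.ip == service_ip:
            return name
    raise LookupError("%s is not a local address" % service_ip)


def check_path(client_ip, service_ip, snat_to=None):
    """Return (ingress, egress, symmetric) for a client reaching a service IP.

    snat_to is the address the router rewrites the source to, if a NAT rule applies.
    """
    seen_source = snat_to or client_ip  # the source address the NAS replies to
    ingress = ingress_interface(service_ip)
    egress = egress_interface(seen_source)
    return ingress, egress, ingress == egress


if __name__ == "__main__":
    print("SMB:          ", check_path("192.168.0.120", "192.168.0.5"))
    print("Mgmt, no NAT: ", check_path("192.168.0.120", "192.168.11.11"))
    print("Mgmt, SNAT:   ", check_path("192.168.0.120", "192.168.11.11",
                                       snat_to="192.168.11.1"))
```

The same check can be run for any other client and service address pair before binding a service to an additional interface.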

That is a fantastic idea! Works great as I have all interfaces active on TrueNAS now with no drops. I only have a few hosts allowed to access management network anyway, so I set up the NAT with /32 rules. Thank you!