7. Network

The Network section of the administrative GUI contains the following components for viewing and configuring the FreeNAS® system’s network settings:

  • Global Configuration: used to to set non-interface specific network settings.
  • Interfaces: used to configure a specified interface’s network settings.
  • IPMI: configures hardware side-band management should the appliance become unavailable through the graphical administrative interface.
  • Link Aggregations: used to configure link aggregation and link failover.
  • Network Summary: provides an overview of the current network settings.
  • Static Routes: used to add static routes.
  • VLANs: used to configure IEEE 802.1q tagging.

Each of these is described in more detail in this section.

7.1. Global Configuration

Network ‣ Global Configuration, shown in Figure 7.1a, allows you to set non-interface specific network settings.

Figure 7.1a: Global Configuration

_images/network1.png

Table 7.1a summarizes the settings that can be configured using the Global Configuration tab. The hostname and domain will be pre-filled for you, as seen in Figure 7.1a, but can be changed to meet the local network’s requirements.

Table 7.1a: Global Configuration Settings

Setting Value Description
Hostname string system host name
Domain string system domain name
IPv4 Default Gateway IP address typically not set (see NOTE below)
IPv6 Default Gateway IP address typically not set (see NOTE below)
Nameserver 1 IP address primary DNS server (typically in Windows domain)
Nameserver 2 IP address secondary DNS server
Nameserver 3 IP address tertiary DNS server
HTTP Proxy string enter the proxy information for the network in the format http://my.proxy.server:3128 or http://user@password:my.proxy.server:3128
Enable netwait feature checkbox if enabled, network services will not be started at boot time until the interface is able to ping the addresses listed in “Netwait IP list”
Netwait IP list string if “Enable netwait feature” is checked, list of IP addresses to ping; otherwise, ping the default gateway
Host name database string used to add one entry per line which will be appended to /etc/hosts; use the format IP_address space hostname where multiple hostnames can be used if separated by a space

If you will be using Active Directory, set the IP address of the realm’s DNS server in the “Nameserver 1” field.

If your network does not have a DNS server or NFS, SSH, or FTP users are receiving “reverse DNS” or timeout errors, add an entry for the IP address of the FreeNAS® system in the “Host name database” field.

Note

in many cases, a FreeNAS® configuration does not include default gateway information as a way to make it more difficult for a remote attacker to communicate with the server. While this is a reasonable precaution, such a configuration does not restrict inbound traffic from sources within the local network. However, omitting a default gateway will prevent the FreeNAS® system from communicating with DNS servers, time servers, and mail servers that are located outside of the local network. In this case, it is recommended to add Static Routes in order to reach external DNS, NTP, and mail servers which are configured with static IP addresses. If you add a gateway to the Internet, make sure that the FreeNAS® system is protected by a properly configured firewall.

7.2. Interfaces

Network ‣ Interfaces is used to view which interfaces have been manually configured, to add a manually configured interface, and to edit an interface’s manual configuration.

Note

typically the interface used to access the FreeNAS® administrative GUI is configured by DHCP. This interface will not appear in this screen, even though it is already dynamically configured and in use.

Figure 7.2a shows the screen that opens when you click Interfaces ‣ Add Interface. Table 7.2a summarizes the configuration options when you add an interface or edit an already configured interface. Note that if any changes to this screen require a network restart, the screen will turn red when you click the “OK” button and a pop-up message will remind you that network connectivity to the FreeNAS® system will be interrupted while the changes are applied. Click “Yes” to proceed with the network restart or “No” to cancel the operation.

Figure 7.2a: Adding or Editing an Interface

_images/interface.png

Table 7.2a: Interface Configuration Settings

Setting Value Description
NIC drop-down menu select the FreeBSD device name; will be a read-only field when editing an interface
Interface Name string description of interface
DHCP checkbox requires static IPv4 or IPv6 configuration if unchecked; note that only one interface can be configured for DHCP
IPv4 Address IP address set if “DHCP” unchecked
IPv4 Netmask drop-down menu set if “DHCP” unchecked
Auto configure IPv6 checkbox only one interface can be configured for this option; requires manual configuration if unchecked and wish to use IPv6
IPv6 Address IPv6 address must be unique on network
IPv6 Prefix Length drop-down menu match the prefix used on network
Options string additional parameters from ifconfig(8), separate multiple parameters with a space; for example: mtu 9000 will increase the MTU for interfaces that support jumbo frames

This screen also allows you to configure an IP alias for the interface, which allows the interface to be configured with multiple IP addresses. If you wish to set multiple aliases, click the “Add extra alias” link for each alias you wish to configure. To delete an alias, highlight the interface in the tree to access its “Edit” screen. Be sure to check the “Delete” checkbox associated with the alias. If you instead click the “Delete” button at the bottom of this screen, you will delete the whole interface, not just the alias.

When configuring multiple interfaces, they can not be members of the same subnet. Check the subnet mask if you receive an error when setting the IP addresses on multiple interfaces.

When configuring an interface for both IPv4 and IPv6, this screen will not let you set both addresses as primary. In other words, you will get an error if you fill in both the “IPv4 address” and “IPv6 address” fields. Instead, set one of these address fields and create an alias for the other address.

7.3. IPMI

Beginning with version 9.2.1, FreeNAS® provides a graphical screen for configuring an IPMI interface. This screen will only appear if the system hardware includes a Baseboard Management Controller (BMC).

IPMI provides side-band management should the system become unavailable through the graphical administrative interface. This allows for a few vital functions, such as checking the log, accessing the BIOS setup, and powering on the system without requiring physical access to the system. IPMI can also be used to allow another person remote access to the system in order to assist with a configuration or troubleshooting issue. Before configuring IPMI, ensure that the management interface is physically connected to the network. Depending upon the hardware, the IPMI device may share the primary Ethernet interface or it may be a dedicated IPMI interface.

Warning

it is recommended to first ensure that the IPMI has been patched against the Remote Management Vulnerability before enabling IPMI. This article provides more information about the vulnerability and how to fix it.

IPMI can be configured from Network ‣ IPMI. This IPMI configuration screen, shown in Figure 7.3a, provides a shortcut to the most basic IPMI configuration. If you are already comfortable using the BMC’s utilities, they can be used instead. Table 7.3a summarizes the options when configuring IPMI using the FreeNAS® GUI.

Figure 7.3a: IPMI Configuration

_images/ipmi1.png

Table 7.3a: IPMI Options

Setting Value Description
Channel drop-down menu select the channel to use
Password string input the password used to connect to the IPMI interface from a web browser
DHCP checkbox if left unchecked, the following three fields must be set
IPv4 Address string IP address used to connect to the IPMI web GUI
IPv4 Netmask drop-down menu subnet mask associated with the IP address
IPv4 Default Gateway string default gateway associated with the IP address
VLAN ID string input the VLAN identifier if the IPMI out-of-band management interface is not on the same VLAN as management networking

Once configured, you can access the IPMI interface using a web browser and the IP address you specified in the configuration. The management interface will prompt for a username and the password that you configured. Refer to the documentation for the IPMI device to determine the default administrative username.

Once you have logged into the management interface, you can change the default administrative username as well as create additional users. The appearance of the utility and the functions that are available within the IPMI management utility will vary depending upon the hardware.

7.5. Network Summary

Network ‣ Network Summary allows you to quickly view the addressing information of every configured interface. For each interface name, the configured IPv4 and IPv6 address(es), DNS server(s), and default gateway will be displayed.

7.6. Static Routes

By default, no static routes are defined on the FreeNAS® system. Should you need a static route to reach portions of your network, add the route using Network ‣ Static Routes ‣ Add Static Route, shown in Figure 7.6a.

Figure 7.6a: Adding a Static Route

_images/static.png

The available options are summarized in Table 7.6a.

Table 7.6a: Static Route Options

Setting Value Description
Destination network integer use the format A.B.C.D/E where E is the CIDR mask
Gateway integer input the IP address of the gateway
Description string optional

If you add any static routes, they will show in “View Static Routes”. Click a route’s entry to access its “Edit” and “Delete” buttons.

7.7. VLANs

FreeNAS® uses FreeBSD’s vlan(4) interface to demultiplex frames with IEEE 802.1q tags. This allows nodes on different VLANs to communicate through a layer 3 switch or router. A vlan interface must be assigned a parent interface and a numeric VLAN tag. A single parent can be assigned to multiple vlan interfaces provided they have different tags.

Note

VLAN tagging is the only 802.1q feature that is implemented. Additionally, not all Ethernet interfaces support full VLAN processing–see the HARDWARE section of vlan(4) for details.

If you click Network ‣ VLANs ‣ Add VLAN, you will see the screen shown in Figure 7.7a.

Figure 7.7a: Adding a VLAN

_images/vlan.png

Table 7.7a summarizes the configurable fields.

Table 7.7a: Adding a VLAN

Setting Value Description
Virtual Interface string use the format vlanX where X is a number representing a vlan interface not currently being used as a parent
Parent Interface drop-down menu usually an Ethernet card connected to a properly configured switch port; note that newly created Link Aggregations will not appear in the drop-down until the system is rebooted
VLAN Tag integer number between 1 and 4095 which matches a numeric tag set up in the switched network
Description string optional

The parent interface of a vlan has to be up, but it can have an IP address or it can be unconfigured, depending upon the requirements of the VLAN configuration. This makes it difficult for the GUI to do the right thing without trampling the configuration. To remedy this, after adding the VLAN, go to Network ‣ Interfaces ‣ Add Interface. Select the parent interface from the “NIC” drop-down menu and in the “Options” field, type up. This will bring up the parent interface. If an IP address is required, it can be configured using the rest of the options in the “Add Interface” screen.