Docker is available on my vlan but is hosted on the main IP at the same time


Good evening,

 

I'm trying to host a docker container on my VLAN 12 (br0.12) and my Unraid server is only joinable on the interface br0 (native vlan 11 on my network). No IP set for Unraid in Vlan 12. All networks described are /24.

 

Example for a docker container :

VLAN 12 (br0.12) on a static IP like x.x.12.253:3000 (joinable, everything is fine)

But if I enter the IP address of my Unraid server (like if it's hosted) on my native VLAN x.x.11.254:3000, I can reach my docker that should only be set for Vlan 12, and should only be joined via x.x.12.253:3000. My docker is joinable via 2 different IPs, 2 different networks.

 

I did try disabling the bridge mode in the settings and then it's not available anymore on 11.254:3000 (that's what I want to achieve), but I also broke my VMs because I don't have a bridge anymore (vibr0). Because it goes from br0 to eth0 and same for the VLANs (br0.12 to eth0.12)

 

In the docker settings I disabled the option "Host access to custom networks". That does not do what I wanted either. (because br0 and br0.12 are described as Custom in the list of network types when choosing for dockers)

 

It's like choosing between VMs or good network isolation but I can't have both.

If I want the same docker in 2 distinct networks, I would create 2 dockers (not the same on 2 networks)

 

I did read a lot of topics about networking for Unraid, and I'm almost sure you would like me to buy a second NIC. But then, what's the point of VLANs if I have to buy a NIC only to have a docker on another network and at the same time host VMs on the first NIC ? (If I want a VM in my VLAN 12 I assume the same problem would occur again with a second NIC)

 

What is the point of the Bridge interface with multiple VLANs ? (for me it's like having a network leak)

Is there a way to block this from happening while in bridge mode ? Or is there a way to put my VMs directly on eth0 instead of br0 (like from vibr0 to vieth0 or something like that)

 

Should I create different networks ?

  • My LAN (VLAN 11 in my network)
  • The Unraid administration (but with all dockers from other VLANs hosted too, in like VLAN 20 in my network)
  • And one like my vlan 12 with the docker container described above
  • etc

But then I have hosted dockers that would be on another network from my personal LAN.

 

I'm managing access between my VLANs with my L3 Switch.

 

I'm a bit tired of breaking everything apart with my Unraid server, so I'm now asking you what should I do.

 

I hope I gave enough information for you to understand what I'm trying to do.

Thanks for your time
