January 8, 2023

Hi all, I have an issue I'm not sure how to fix. I have NextCloud and Swag set up and running great using the latest Space Invader One tutorial. My network has several different VLANs with my Sonos Audio gear on VLAN 20. I use a UDM Pro for my networking, but the UDM Pro doesn't route/relay multicast traffic across VLANs very well. I solved this using Sycto's Multicast relay. I used to run this in PodMan on the UDM Pro, but just moved it to Docker on UnRaid.

In order to do so, I had to set up all of my VLANs in Networking on the UnRaid, which I had already done, but I had the IP addresses for each VLAN set to none. This worked fine for NextCloud, but resulted in errors with the Multicast Relay container. Adding IP addresses for the VLANs fixes the Multicast Relay container and it runs as expected, but once I do that I can no longer access my NextCloud instance.

Any ideas of why adding these IPs in the VLAN settings is messing with Nextcloud? If it matters any, my Swag and Nextcloud are running on a custom docker network. Thanks!
January 19, 2023 (Author)

I've done a bit more digging and discovered if I put my PC on the same VLAN as my UnRaid, I can still get to my NextCloud no problem. But from any other VLAN, I can't. I have four VLANs. If I'm not on my home network I can also reach my NextCloud. Interestingly enough, I can get to the default SWAG page by navigating to my UnRaid IP and the SWAG port I am using (1443).

1 - Core VLAN - UnRaid lives on this VLAN
2 - Private VLAN - For trusted devices - my PC normally lives here
3 - IoT VLAN
4 - Video VLAN
January 19, 2023

On 1/9/2023 at 7:38 AM, dbs179 said: Any ideas of why adding these IPs in the VLAN settings is messing with Nextcloud?

The difference when adding an IP is that it creates a route for the corresponding subnet; otherwise it routes through the management LAN. Check whether this is the issue.
January 19, 2023 (Author)

3 hours ago, Vr2Io said: The difference when adding an IP is that it creates a route for the corresponding subnet; otherwise it routes through the management LAN. Check whether this is the issue.

What you are saying makes sense and is what I'm seeing when I add the IPs to the VLANs. What I don't understand is why I can't reach my SWAG/NextCloud once I do, unless I'm on the management LAN. I can ping my UnRaid IP address from my Private VLAN and access the GUI with the IP addresses added to the VLANs, so I don't think it is a network/firewall issue.
January 20, 2023

Wow. Your problem sounded exactly like mine. I had this as well, and only last Dec did I get everything sorted.

When you say you cannot access Nextcloud from the private VLAN, are you trying to access it through your subdomain.domain.com or by IPaddress:Port?
January 20, 2023 (Author)

16 hours ago, jfoxwu said: Wow. Your problem sounded exactly like mine. I had this as well, and only last Dec did I get everything sorted. When you say you cannot access Nextcloud from the private VLAN, are you trying to access it through your subdomain.domain.com or by IPaddress:Port?

I normally access it from subdomain.domain.com from inside and outside my network. After changing the VLAN settings, I can no longer do that unless I'm on the "Core" VLAN or outside my network. I also cannot access it from IPAddress:port, but if I do IP Address:SWAG DOCKER PORT I can get to the default webpage of SWAG.

Edited January 20, 2023 by dbs179
January 20, 2023

If you can use a domain name to access your services from within your home, I think you already have something like NAT reflection enabled (or perhaps split DNS)?

However, since you said you can still get access through the domain name as long as you are on the core VLAN, I am guessing you might have asymmetric routing happening. You might want to start using tracert (on Windows) and traceroute (Linux) from each of your VLANs to check the routing path from your server to the device and vice versa. If they take different paths, then your firewall will most likely block the TCP connection from establishing.

Edited January 20, 2023 by jfoxwu
January 27, 2023 (Author)

I thought it might be a firewall rule also, but the more I dig into it the less I think that is right. From my "Private" VLAN, I can reach my UnRaid GUI, which is on the "Core" VLAN even with the IP Addresses added to each VLAN in UnRaid Network Settings. As I mentioned, I can also get to the default SWAG webpage using my UnRAID IP address and the SWAG Port.

I did do a tracert while on each VLAN. From the Core VLAN where everything works I only have one hop, right to the UnRaid Server. From my Private VLAN it takes two hops, one to the default gateway of that VLAN and then onto the UnRaid Server. While on the Private VLAN I can ping the UnRaid IP, as well as my Domain Name.

I'm using a Unifi UDM Pro for my router. I've added a rule for WAN In, WAN Local, LAN In, and LAN Local to accept all traffic between my Private VLAN Network and my UnRaid IP Addresses and that still hasn't changed anything.

This is really stumping me, but I don't know a ton about networking, Docker Containers, or Reverse Proxies to really sort out where the issue lies.

Edited January 27, 2023 by dbs179
February 7, 2023

Can you post screen captures of your Unraid's "Networking Setting" page?

Also, did you try traceroute from your server to devices on the private VLAN? You want to compare the path taken by:

1. device_on_private to server_on_core
2. server_on_core to device_on_private

Edited February 7, 2023 by jfoxwu
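The route change Vr2Io describes and the two-direction comparison jfoxwu asks for, modelled as an added example (not code from anyone in the thread). The subnets, interface names `br0`/`br0.20`, gateway and client addresses are constructed assumptions; the lookup is a plain longest-prefix match over a two- or three-entry table.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread):
# Core VLAN 10.0.10.0/24 on br0, Private VLAN 10.0.20.0/24 on br0.20,
# router/gateway at 10.0.10.1, client PC at 10.0.20.50.
GATEWAY = "10.0.10.1"
CLIENT = "10.0.20.50"

# Each route: (destination prefix, egress interface, next hop or None if on-link)
ROUTES_VLAN_IP_NONE = [
    ("0.0.0.0/0", "br0", GATEWAY),
    ("10.0.10.0/24", "br0", None),
]
# Giving br0.20 an address adds a connected route for that subnet.
ROUTES_VLAN_IP_SET = ROUTES_VLAN_IP_NONE + [("10.0.20.0/24", "br0.20", None)]


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does for a destination address."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return max(candidates, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def reply_path(routes, client, arrived_on="br0"):
    """Describe how the server answers a request that arrived on `arrived_on`."""
    _, iface, via = lookup(routes, client)
    return {
        "egress": iface,
        "next_hop": via or "on-link",
        "via_router": via is not None,
        "asymmetric": iface != arrived_on,
    }


if __name__ == "__main__":
    for name, table in (("VLAN IP none", ROUTES_VLAN_IP_NONE),
                        ("VLAN IP set", ROUTES_VLAN_IP_SET)):
        print(name, reply_path(table, CLIENT))
```

On the server itself, `ip route get <client IP>` reports the egress interface and next hop chosen from the live routing table, which can be set against the hops tracert shows from the client.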
August 6, 2023

On 27/1/2023 at 16:57, dbs179 said: I thought it might be a firewall rule also, but the more I dig into it the less I think that is right. From my "Private" VLAN, I can reach my UnRaid GUI, which is on the "Core" VLAN, even with the IP addresses added to each VLAN in the UnRaid network settings. As I mentioned, I can also get to the default SWAG webpage using my UnRAID IP address and the SWAG port. I did a tracert while on each VLAN. From the Core VLAN, where everything works, I only have one hop, straight to the UnRaid server. From my Private VLAN it takes two hops, one to the default gateway of that VLAN and then on to the UnRaid server. While on the Private VLAN I can ping the UnRaid IP, as well as my domain name. I'm using a Unifi UDM Pro for my router. I added a rule for WAN In, WAN Local, LAN In and LAN Local to accept all traffic between my Private VLAN network and my UnRaid IP addresses and that still hasn't changed anything. This is really stumping me, but I don't know much about networking, Docker Containers or Reverse Proxies to really sort out where the issue lies.

Hello, have you managed to solve the problem? The exact same thing happens to me. I have been investigating for days and I am not able to solve it. Thanks