March 16, 2024

Hi, I have a container, namely Adguard-Home, assigned to the Br0 (ipvlan) docker network. By default, this IP address on my LAN is not pingable from my Unraid server, but is from any other device on my LAN. So, I have enabled the setting "host access to custom networks" in docker settings. Is this the same thing as promiscuous mode on the host's network interface? Anyway, this setting has allowed access to the ipvlan from the host. However, two strange issues still persist:

1. The console doesn't work from within the container - (docker exec -it appname sh)
2. Chrome gives a big warning the site is dangerous despite a valid cert.

Any ideas why? Just trying to figure out what's going on under the hood.
March 16, 2024, Author

After looking a bit further, the setting "host access to custom networks" seems to create an additional network interface with the commands as follows:

    ip link add shim-br0 link br0 type macvlan mode bridge
    ip link set shim-br0 up
    ip route add 192.168.1.0/25 dev shim-br0
    ip route add 192.168.1.128/25 dev shim-br0

As such, a route entry is created. It seems then the host is connected to two virtual interfaces, one bonded with br0 and the other bonded with shim-br0. This is probably why Chrome cries foul when a request is routed via a docker bridge network and then via the host (br0 and shim-br0 networks) to a container in the br0 network.
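The route lookup behind the commands quoted above, as an added example that is not part of the original posts: it shows why the two /25 routes on shim-br0 win over a /24 route on br0 for every LAN address. The /24 route on br0, the default route and the sample addresses are assumptions; only the two /25 routes come from the thread.

```python
import ipaddress

# Constructed routing table. The two /25 routes on shim-br0 are from the thread;
# the default route and the /24 on br0 are assumptions for illustration.
ROUTES = [
    ("0.0.0.0/0", "br0"),              # assumed default route
    ("192.168.1.0/24", "br0"),         # assumed connected LAN route
    ("192.168.1.0/25", "shim-br0"),    # from the thread
    ("192.168.1.128/25", "shim-br0"),  # from the thread
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, device) selected by longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


def covers(parent, subnets):
    """True if the subnets together cover exactly the parent network."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network(parent)]


if __name__ == "__main__":
    # Constructed sample destinations: two LAN addresses and one external one.
    for dst in ("192.168.1.50", "192.168.1.200", "8.8.8.8"):
        before = lookup(dst, ROUTES[:2])  # table without the shim routes
        after = lookup(dst)               # table with the shim routes
        print(f"{dst:15} before={before} after={after}")
    print("two /25s cover the /24:",
          covers("192.168.1.0/24", ["192.168.1.0/25", "192.168.1.128/25"]))
```

On a live host, `ip route get <container-ip>` reports the interface the kernel actually selects, which can be compared against this model.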