Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Docker container default gateway issue

Featured Replies

I have a installed a second NIC in my server on a VLAN to segment docker traffic. I have bridging enabled (br2). The issue I'm seeing is that the docker container that gets attached to br2 is not picking up the gateway of the host interface.

 

 

Screenshot 2024-10-20 at 7.23.41 PM.png

Screenshot 2024-10-20 at 7.24.32 PM.png

Screenshot 2024-10-20 at 7.25.23 PM.png

Solved by bmartino1

You have a weird and intresting network setup here

review all the videos here:


you docker network setup is weird and may need other setting and a different addition to your network setup.

Post diagnostic so we can see the entire network tree and setting to help correct thus issue,

?vlans?

  • Community Expert
1 hour ago, ridewithjoe said:

I have a installed a second NIC in my server on a VLAN to segment docker traffic. I have bridging enabled (br2). The issue I'm seeing is that the docker container that gets attached to br2 is not picking up the gateway of the host interface.

You need to stop the docker service (or array) and configure network settings for docker under Settings > Docker.
This is an additional step for docker networking.

Once configured there it will show up in template network type section.

  • Author
1 minute ago, tjb_altf4 said:

You need to stop the docker service (or array) and configure network settings for docker under Settings > Docker.
This is an additional step for docker networking.

Once configured there it will show up in template network type section.

I have done this.... that is not the issue... the issue i that the container is not using the default gateway that is assigned to br2. The other custom networks are operating properly.

 

I know my setup is a bit different. I am deliberately configuring a trunk interface with VLANs so that I can set certain docker containers to run on specific network subnets. 

nasvm-diagnostics-20241020-2105.zip

ok then we will need the docker inspect command.

as by default your docker network is set to using br0 and is brdigeing there.

docker network inspect ####
https://docs.docker.com/reference/cli/docker/network/inspect/

this will tell us what your network assigned is using... again you may need to resetup a docker network to use it properly...

  • Community Expert
21 minutes ago, ridewithjoe said:

I have done this.... that is not the issue... the issue i that the container is not using the default gateway that is assigned to br2. The other custom networks are operating properly.

 

I know my setup is a bit different. I am deliberately configuring a trunk interface with VLANs so that I can set certain docker containers to run on specific network subnets. 

nasvm-diagnostics-20241020-2105.zip 325.92 kB · 1 download

Docker network config only has references to vlans under br2, and br2 is not configured.
DOCKER_CUSTOM_NETWORKS="br2.10 br2.80 br2.90 "

Docker networking settings probably needs a refresh.

  • Author
19 minutes ago, bmartino1 said:

ok then we will need the docker inspect command.

as by default your docker network is set to using br0 and is brdigeing there.

docker network inspect ####
https://docs.docker.com/reference/cli/docker/network/inspect/

this will tell us what your network assigned is using... again you may need to resetup a docker network to use it properly...

I know by default that br0 is where docker is bridging... I'm using a custom config.

 

I have 4 network interfaces.... configured into two 802.11ad bonds. bond0 and bond2.

 

bond0 is the admin interface for unraid on a management vlan.

bond2 is the interface that is a trunk interface for multiple vlans. Some dockers are on br2.80

br2 - is on vlan 60 the native vlan for the trunk.

Additional vlans are:

br2.10

br2.80

 

The bond2 interface is assigned an ip of 10.168.60.245/24 with a gateway of 10.168.60.254

 

I have several docker containers running on br2.80 and they are running fine. They show the proper gateway however the containers on vlan 60 should be showing the same host interface default gateway of 10.168.60.254 however they are getting a gateway of 10.168.60.1.  The docker network doesn't seem to pickup the default gateway of that host interface but the sub interface is getting the gateway I have assigned. in the custom network just fine. There should be a simple way to assign a custom default gateway for a container.

 

The output of 'docker network inspect br2':
[
    {
        "Name": "br2",
        "Id": "17ca4604ab87ae68e47df153062a8bbdb7e45466e5f95e1099a8d4efffb4714c",
        "Created": "2024-10-20T18:18:34.938423495-04:00",
        "Scope": "local",
        "Driver": "ipvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.168.60.0/24",
                    "AuxiliaryAddresses": {
                        "server": "10.168.60.245"
                    }
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "parent": "br2"
        },
        "Labels": {}
    }
]

 

 

The output of 'docker network inspect br2.80':

[
    {
        "Name": "br2.80",
        "Id": "f22dcc51a4a813565fcc3385354c2c34e28a73f836151fe6ba25c62cc6ddb91a",
        "Created": "2024-10-20T18:18:35.256187663-04:00",
        "Scope": "local",
        "Driver": "ipvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.168.80.0/24",
                    "Gateway": "10.168.80.254"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "7a7642e1c24a2409ef5aa31c8293c9c2b14c66bfae19c6247de32d1b3632bfdb": {
                "Name": "bhdelugevpn",
                "EndpointID": "a7db7f8ae3ae19cc49566e306ab334a400a4f5f15ea5fc2ef434b76a8ac4f417",
                "MacAddress": "",
                "IPv4Address": "10.168.80.1/24",
                "IPv6Address": ""
            },
            "f51bea5753b086b0af16d303a6c1773715b1b8b0ef91a599749b1a510b88eb8c": {
                "Name": "plex",
                "EndpointID": "ebc4596d489b6242b007adb4f92ca75526046750300dfc26dc367b254269703f",
                "MacAddress": "",
                "IPv4Address": "10.168.80.10/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "br2.80"
        },
        "Labels": {}
    }
]

 

i saw the 4 nic per digan thanks for posting, i need to digest this to further assist.

You may need to add a custom ip rout to unraid. to fix this. Your fighitng vlan traffic briding on unraid. I don't remober the comands nor route info to assit and will take a deeper look to assist.
 

You will need to setup vlan trunking for unraid to get docker gateway access.

  • Solution

Please correct me If I'm misunderstanding you correctly...
 

Your Netowrk Problem Analysis:

Your br2 is associated with VLAN 60, which has a subnet 10.168.60.0/24 with a gateway set at 10.168.60.254. You also have a network br2.80 associated with VLAN 80, with a subnet 10.168.80.0/24 and gateway 10.168.80.254. Containers on br2.80 seem to work correctly, but containers on br2 (VLAN 60) are getting the wrong gateway (10.168.60.1), while you intend them to use 10.168.60.254.


Summary of Key Actions to follow and check:

1 Explicitly Define Gateway in Docker Network.

2 Restart or Recreate Containers to Update Network Settings.

3 Verify Routing Tables on Unraid.

4 Use Docker Options to Set Specific Gateways.


Since your br2 is associated with VLAN 60, which has a subnet 10.168.60.0/24 with a gateway set at 10.168.60.254. You also have a network br2.80 associated with VLAN 80, with a subnet 10.168.80.0/24 and gateway 10.168.80.254. Containers on br2.80 seem to work correctly, but containers on br2 (VLAN 60) are getting the wrong gateway (10.168.60.1), while you intend them to use 10.168.60.254.

1.
Check Docker Network Configuration: The Docker network inspect br2 output doesn't show a defined gateway, which might lead Docker to auto-assign one. This auto-assigned gateway could be 10.168.60.1, which is incorrect.

Action: We Explicitly specify the gateway for the br2 network in Docker....
we will need to recreate br2 and the docker network...

docker network rm br2
docker network create \
  -d ipvlan \
  --subnet=10.168.60.0/24 \
  --gateway=10.168.60.254 \
  -o parent=br2 \
  br2


2. 

Check Docker Container Configurations: Verify that containers using br2 are configured correctly to use the br2 network. Sometimes, containers may retain old configurations, or they might not automatically update when the network configuration changes.
 

Action: Restart or recreate affected containers using the updated br2 network to apply the changes:

 

docker restart <container_id>
# or recreate the container if needed
docker rm -f <container_id>
docker run --network=br2 <your_container_image>

To confirm doecker is using the br2 created above. tempale eidt should see this and be fine...

3.
check ip route
Confirm that the gateway for 10.168.60.0/24 points to 10.168.60.254 and not some other IP. If there’s a misconfigured route, you can add a default gateway for the VLAN 60 subnet:

add additional iprout:
 

ip route add default via 10.168.60.254 dev br2

 

Additionally, check if there are any conflicts between VLAN interfaces or IP tables that might be overriding the intended gateway. at router level. trunking needs to be enabled there...

4.
Docker Default Gateway Setting: If you want containers on br2 to use a specific gateway, you may explicitly set a default route for each container using Docker’s --default-gateway option
https://forums.docker.com/t/setting-default-gateway-to-a-container/17420

example docker run command:
 

docker run --network=br2 --default-gateway=10.168.60.254 <your_container_image>


seen in docs:
https://docs.docker.com/engine/network/tutorials/standalone/

https://docs.docker.com/engine/network/

https://stackoverflow.com/questions/45613476/docker-how-to-control-define-default-gateway-settings

  • Author
1 hour ago, bmartino1 said:

1.
Check Docker Network Configuration: The Docker network inspect br2 output doesn't show a defined gateway, which might lead Docker to auto-assign one. This auto-assigned gateway could be 10.168.60.1, which is incorrect.

Action: We Explicitly specify the gateway for the br2 network in Docker....
we will need to recreate br2 and the docker network...

docker network rm br2
docker network create \
  -d ipvlan \
  --subnet=10.168.60.0/24 \
  --gateway=10.168.60.254 \
  -o parent=br2 \
  br2

 

This resolved the issue…. I find it odd that you cannot define the getaway in the UNRAID GUI. You can see that it is not defined but there is no capability to edit it.

  • Community Expert
52 minutes ago, ridewithjoe said:

 

This resolved the issue…. I find it odd that you cannot define the getaway in the UNRAID GUI. You can see that it is not defined but there is no capability to edit it.

you mean like this?
image.png.da4937af1e56cb4a911e7d70b32ede2d.png

  • Author
9 minutes ago, tjb_altf4 said:

you mean like this?

Yes exactly except in my case br2 is not editable

 

 

IMG_0290.jpeg

  • Community Expert
14 minutes ago, ridewithjoe said:

Yes exactly except in my case br2 is not editable

It would be due to having an IP on the interface, although its curious that it was picking up the wrong gateway.
No IP on interface. and it becomes editable.
 

  • Author
Just now, tjb_altf4 said:

It would be due to having an IP on the interface, although its curious that it was picking up the wrong gateway.
No IP on interface. and it becomes editable.
 

My expectation was that it would pick it up as well but it doesn’t… let me try removing the IP on the interface…. I don’t need an IP on it specifically. That would be a better fix. 

  • Author

That was the better solution….while both solutions work, simply removing the IP on the interface and defining the network and gateway in the docker settings. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.