Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Docker Network Issue

Featured Replies

Hello!
So my weekend has been goind down the rabbit hole of docker networking for unraid. This seemed like a simple task for what I was trying to do, but, wow, this turned out to be alot harder than I thought. Can someone please help me with the getting this configured?!?!

Server Info:
- 4 Physical Network Interfaces

 

What am I trying to do with Docker?
 I am attempting to get my docker containers to have the same setup as selecting the default bridge, but on a different IP on the 4 interface (ETH3)

No matter what I setup, I can never get the docker network IP to translate to the IP address I want on the third interface. Please see the screenshot below:

image.png.a56e1484118c48d0c8e36e13e46ecbf9.png

I need the lan IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X.

I have setup IPVLAN and MACVLAN but with these the docker containers have the same ip as the lan IP.

Can someone point me in the right direction for getting this configured?

OK, First lets Review Docker Netwroks in general


Docker Docs:

https://docs.docker.com/engine/network/


and how the driver types dictate the docker networks...

Quote

image.png.4873e13828635c07bbcff5262e383338.png

Heres a break-down:

 

image.png.ac9eb96a064e245b90e5beaa881ec326.png

 

1. Bridge

Default Docker network mode.

Ports are explicitly mapped (HostPort:ContainerPort) in the template.

 

Example:
If the app listens on port 8000 in the container, you can map it to 8050 on the host.

Min docker compose yaml example...
 

HTTP_CONTROL_SERVER_PORT: 8050 (host)
Container port: 8000

as the unraid template constructs a docker run file... Which results in something like:

 

-p 8050:8000

Where we tell nat that going to port 8050 need to point to port 8000. This doesn't stop the serve using port 8000 from still broadcasting and using the port...

NAT rule apply here to dockers default network type as you traverse to the unriad host ip to port to connect to this service...

2. Host

-The container shares the host’s network stack.

-No port mapping is needed or allowed. All ports used by the container must be free on the host.
Example docker run call:
 

docker run --network=host ...

Whatever port the app listens on in the container (say 8000), that port must be free on the host.

Use this only when an app needs to auto-discover services or work with broadcast/multicast.

 

Normally used for databases... They will replace unraids host level ports so if you run a web server on port 80 or 443 it will block and prevent the unraid web ui from working...

 

3. Container (aka --network=container:<container_id_or_name>)

-Shares network with another running container.

-Use case: VPN containers (like Gluetun).

-The secondary container inherits the network namespace of the VPN container.
so setting:
 

--network=container:gluetun

 

 

This means:

No port mappings in the template will be used.

Only ports exposed by Gluetun can be used to reach the app.

You cannot bind the same port twice across containers using the same network.

-So even though a unraid  template says:
Container Port: 8000
Host Port: 8050
--That only works in Bridge mode. In --network=container:gluetun, the app must be accessed via the VPN container's IP/interface and exposed ports...

4. None

The container has no network access at all.

Generally used for isolated or CLI-only tools.

*Similar to host... Rarely used dockers applications like Vim for example a application not found natively on unraid you can install vim with network none and use the consol of the docker to vim access files to path you add to the docker...

5.Custom: br0 / Veth
In my case per the picture it is using my Proxmox Veth... This is the ipvlan/macvlan depending on your docker settings....

in my case macvlan

*This allows the docker to talk to the same dhcp server and get a lan assigned IP.... this removes the nat port mapping so 8000 would be set to the custom ip you chose...
-I would recommend you use macvlan as well with vpn dockers, so each docker that get a custom ip also gets a random mac address. ipvlan will share its mac address...
 

-This gives the container its own IP on the LAN (like a VM).

-It appears as a separate device on your network.

-Useful for apps that require unique LAN identity (e.g., mDNS, DLNA).
*It is recommended when running web servers with a web page to use a macvlan/ipvlan in this case using unraids premade docker network for custom (br0, bond0, eth0) depending on your settings and unraid network configurations....

This is dictated by 3 settings across unraid.

Network settings:
image.png.0653cda794958ee0ef59d0f252996523.png

Docker settings:
image.thumb.png.83b90a8852c50b19747dccbbf9807e8c.png

...

This said. We can create additional custom docker networks ... and make our own bridge netwroks...
Comes down to how you want to interact with it...

Using terminal commands, we can check with docker inspect commands...
 

docker network ls

will list the current docker networks your host has access too can, can use...
image.png.174d7efab2e2badc2b804ce89ffa1d29.png

 

note the docker name...

docker inspect br0


using a inspect command, we can get data on dockers connected and what the settings are for the network example:
image.png.0ec8cce95c2799408c0e3053909e59f3.png

 

image.png.6a991fb2ba540f455d47fd2cef436076.png

Edited by bmartino1
typo

You will need to use the docker inspect command above to verify that you're not taking a pre-configured dockers static ip address...

 

Sadly unraid docker template web ui doesn't support setting up custom ip in use for the dockers set to the docker bridge network.

This would be easier in a compose file with settings other options...
Since the unraid templates essential builds a docker run line to run dockers...

We can use
https://www.composerize.com/
 

image.thumb.png.83fc88d790ba4552e18b0c6a804bd9bf.png

 

to turn unraid dockers tempates into compose files....
we can accomplish setting docker bridge ip in a compose file.
 

we will use this plugin:
image.png.ed19ca94e7a617aca32afea4404601bf.png
To run unraid webui dockers as compose files...

Lets review 2 example guides for dockers on the forum. 1 is immich and 1 is netprobe.

 

Immich:


netprobe:

 

Lets look at netprobe using compose file:
https://github.com/bmartino1/netprobe_lite/blob/master/docker-compose.yml

Netprobe consists of 5 dockers 3 using the same image, redis database and promethus database.

in the compose file we tell compose we will make our own docker network. Compose will make and destroy this docker network each time the compose file is ran...

 

#You can make a Docker Bridge network called netprobe-net and use this or have compose make and destory the network when they are up or down...
#docker network create --driver bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 netprobe-net
#networks:
#  netprobe-net:
#    external: true  # Use existing network

networks:
  netprobe-net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.0.0/16  # Different subnet from Unraid's default Docker bridge
          gateway: 172.18.0.1

 

Then in the corresponding services under each docker image

 

    networks:
      - netprobe-net

would become:

    networks:
      netprobe-net:
        ipv4_address: 172.18.0.x


Here we can add additional networking data to each image...
Example:
 

services:
  redis:
    container_name: netprobe-redis
    ...
    networks:
      netprobe-net:
        ipv4_address: 172.18.0.2

  netprobe:
    container_name: netprobe-probe
    ...
    networks:
      netprobe-net:
        ipv4_address: 172.18.0.3

  speedtest:
    container_name: netprobe-speedtest
    ...
    networks:
      netprobe-net:
        ipv4_address: 172.18.0.4

  presentation:
    container_name: netprobe-presentation
    ...
    networks:
      netprobe-net:
        ipv4_address: 172.18.0.5

  prometheus:
    container_name: netprobe-prometheus
    ...
    networks:
      netprobe-net:
        ipv4_address: 172.18.0.6

  grafana:
    container_name: netprobe-grafana
    ...
    networks:
      netprobe-net:
        ipv4_address: 172.18.0.7

...

So, In theory we need to add another option to the filed extra parameter...

for example you can use the (advance toggel) and extra parameter field to add additional data.

example:
 

--hostname plex.home.arpa


image.png.eb0255f411bc992ff118909cbcea36a7.png

 

this tells the docker to use the hostname plex and my search domain .home.arpa

Its fine if you don't know your search domain. Usually its .local , .localdomain .lan... this is a dhcp router setting....
So I would recommend adding a host name to all your dockers.

--hostname plex

 

so in theory their is a way to tell the docker to use xyz ip address. But docker moved some things to the docker network side and away from the image docker variable side...


if i used redis as example and tied a redis unriad web ui docker to the bridge network to set its IP, I would use extra parameter option:

--ip=172.18.0.2

 

image.png.b41be25841cb1d24ed278b5b57392ab4.png

 

You will need to make sure you're following unraids default docker bridge settings... so in this case
 

--ip=172.17.0.x

to set the ip of the container.

Edited by bmartino1
typo

7 hours ago, H0pefulWanderer said:

Hello!
So my weekend has been goind down the rabbit hole of docker networking for unraid. This seemed like a simple task for what I was trying to do, but, wow, this turned out to be alot harder than I thought. Can someone please help me with the getting this configured?!?!

Server Info:
- 4 Physical Network Interfaces

 

What am I trying to do with Docker?
 I am attempting to get my docker containers to have the same setup as selecting the default bridge, but on a different IP on the 4 interface (ETH3)

No matter what I setup, I can never get the docker network IP to translate to the IP address I want on the third interface. Please see the screenshot below:

image.png.a56e1484118c48d0c8e36e13e46ecbf9.png

I need the lan IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X.

I have setup IPVLAN and MACVLAN but with these the docker containers have the same ip as the lan IP.

Can someone point me in the right direction for getting this configured?


You will not be able to use --IP option to set the ip if it is in the bridge options as you would need to folow teh docker netwroks configurations. that why i set 172.x.x.x above...

SO:
*need the lan IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X.

is unraid that ip address? or is the 95.200 in use by another machine on network?

AS, all you would need to use is a custom br0 (could be bond0, eth0) doesn't matter if its macvlan or ipvaln... and set it to 192.168.95.200

image.png.9e36b75e8e2486280bb6c1b490a7c7cf.png

 

Would need more info to assist.

Edited by bmartino1
Data - Typo

  • Author

@bmartino1 Wow, first thank you for taking the time to have such a detailed response. The lan IP 192.168.95.200 is  NOT the docker host. I guess in short, I am trying to mirror the same functionality as br0 on another ethernet port that is not the unraid host. From everything I am reading, it seems like it may not be possible. Hopefully you can let me know how to mirror this?

I have tried IPVLAN, MACVLAN, and Bridge. I am have at least gotten more comfortable this weekend with docker command line, so the weekend was't a total waste. I need the lan IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X. on eth3

Hopefully, you can come up with a way to make this scenario to work?

Edited by H0pefulWanderer
add info

if i understood correctly:

-your eth0 (unraid host interface) is on 192.168.90.x.

-You want your docker container on 192.168.95.x

 

For that you have to give an address to your eth3 interface (192.168.95.200) and create a docker bridge network on this interface.

For example my unraid server has an adapter (eth0) on the main network (192.168.2.0/24). I created sub interfaces on other vlan networks (192.168.9.X, 192.168.10.x, 192.168.20.x,...)

so i have eth0: 192.168.2.50

eth0.10: 192.168.10.50

 

i created a docker network on top of eth0.10. it looks like this:

docker network inspect iotnet
[
    {
        "Name": "iotnet",
        "Id": "df4c4c20d706c464530aab9130a6bd7febc14090d3f3a4e8dff978404dc3771d",
        "Created": "2024-12-30T11:37:37.084870493+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.23.0.0/16",
                    "Gateway": "172.23.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.host_binding_ipv4": "192.168.10.50"
        },
        "Labels": {}
    }

i can't remember the full command but the key option is host_binding_ipv4.

It should look like this: docker network create -host_binding_ipv4 192.168.10.50 -driver bridge -name iotnet

 

If you don't specify the host binding ipv4 the docker network will be bound to unraid eth0 ipv4.

 

edit : for reference the official doc on bridge driver an its options

Edited by caplam

On 3/31/2025 at 10:43 PM, H0pefulWanderer said:

@bmartino1 Wow, first thank you for taking the time to have such a detailed response. The lan IP 192.168.95.200 is  NOT the docker host. I guess in short, I am trying to mirror the same functionality as br0 on another ethernet port that is not the unraid host. From everything I am reading, it seems like it may not be possible. Hopefully you can let me know how to mirror this?

I have tried IPVLAN, MACVLAN, and Bridge. I am have at least gotten more comfortable this weekend with docker command line, so the weekend was't a total waste. I need the lan IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X. on eth3

Hopefully, you can come up with a way to make this scenario to work?

 

using a user script at startup we can make another brigde network interface.

br1 that connects to eth0 the same as br0 the difference is that we set br1 to teh 192.168.95.x dhcp setup adn range

this then becomes our ipvlan/macvlan for 192.168.95.x and its use with a docker crate comand.

br0 192.168.90.x is using the dhcp over eth0

as caplam has explained, it is possible with Vlans. What I'm explaing is a bit different.

the 192.168.95.x will need a dhcp server on teh netwrok if you chose to go vlns that s fine simalr setup and funcatiliy. If not. You can run a docker like pihole and conect to the docker netwrok and be the dhcp ip on 192.168.95 on unraid.

Dockers get trickey when tyring to use and have 2 networks. We get into the linux network and advance configuration such as "forbidden routers"... so loets go over some linuix networking stuff...

I prefer user script, this can be setup to be on the flash drive in the go file...

To achieve your network setup on Unraid 7, where you create a br1 bridge attached to eth0, assign it a static IP in the 192.168.95.0/24 subnet, and later use it for Docker, LXC, or VM networking — here's a breakdown of the steps and the corresponding Linux commands.

 

Step 1: Create the br1 Bridge Interface Manually

-Unraid doesn't persistently save ip or brctl changes across reboots

This is why the go file / user script will need to run once at first arry boot to make, add the interface and work with the system... ID for the netwrok may change, but the name should not...

script - Manual (Temporary) Setup:

# Create the bridge
ip link add name br1 type bridge

# Set eth0 as a member of br1
ip link set eth0 master br1

# Bring up the interfaces
ip link set eth0 up
ip link set br1 up

# Assign static IP to br1
ip addr add 192.168.95.1/24 dev br1

-Replace 192.168.95.1 with your preferred gateway IP for the br1 network.
As this would need to be the ip address of the interface that gets sent to pihole / dhcp server so teh 95.x network has internet access...
 

Advance networking, If you want to set a gateway...

ip route add default via 192.168.95.1 dev br1

as this will affect your unraids ip routes and networks... sadly, the web ui doesn't have the options to make the interface terminal commands only. Maybe in the future?...

you can review some settings in unriad web ui - settings
image.thumb.png.c1df830c7bbf56f82b143029543993e8.png


with this you have a bridge interface that you manul created and a 95.x subnet usable via unraid.
If the lan over eth0 doesn't have a dhcp server that fin it just means when you conect a dhcp instance / router like pihole that eth0 will server 90.x with your routers dhcp server and unraid wil be giving out 95.x ip... Unless you separate the network traffic using vlans... as caplam explained above.


with that we then make a docker network...
 

docker network create -d macvlan \
  --subnet=192.168.95.0/24 \
  --gateway=192.168.95.1 \
  -o parent=br1 \
  mca_vlan95

 

*Optional (with VLAN tag):

If you want VLAN tagging (e.g., VLAN 95), the parent must include VLAN:
you would change the -o parent options example will setup vlan 95 on eth0 we would target br1.95

-o parent=eth0.95

 

 

VLan route example:
In that case, you'd need to create the VLAN interface first:

ip link add link eth0 name eth0.95 type vlan id 95
ip link set eth0.95 up
ip link add name br1 type bridge
ip link set eth0.95 master br1
ip link set br1 up
ip addr add 192.168.95.1/24 dev br1

 

then docker:

docker network create -d macvlan \
  --subnet=192.168.95.0/24 \
  --gateway=192.168.95.1 \
  -o parent=eth0.95 \
  mca_vlan95

 

I would recommend using vlans. this would require your network and router to support vlans.

Pihole is an example. I would setup a unriad VM and run ipfire / opensens / pfsense as a vm router that connects to br1 and br0 so br0 give br1 the ability to connect to the internet.
You would need to tell the router vm that conects to br1 to be set to the static ip of 192.168.95.1

 

please post a diagnostic file.

Your network doen't make sense...

image.png.c8921296d3d3d9504cb0e60839a3b5ba.png
per first post your unraids IP is at:
192.168.90.210

 

if you want unraid to use ip of 192.168.95.x unraid needs to have that as a ip somewhere...

per second post:

Quote

I have tried IPVLAN, MACVLAN, and Bridge. I am have at least gotten more comfortable this weekend with docker command line, so the weekend was't a total waste. I need the lan IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X. on eth3

 

what docker are you trying to connect and setup?

as this seems like you are wanting to setup a stack for the docker to function and work but only connect to it offline at a different subnet.
as without the dhcp sever the docker image is tol that its only network is 192.168.95.x and it can't connect to the internet to Dowland and use its services...

as the bridge network using 172.18.0.x is bridged to xyz network (not enough info)

so you have multiple Ethernet adapters on unraid... (as this may be accomplished within the unriad web ui)

I need more info to assit 

does eth3 have a lan connection to the subnet dhcp server for 192.168.95.x? in which case we can make a br1 connect to eth3 and set a 95.x network and make a docker network...

Please post a diag file so that i can get the necessary interface and data your system is experiences.

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.