March 30, 2025

Hello! So my weekend has been going down the rabbit hole of docker networking for unraid. This seemed like a simple task for what I was trying to do, but, wow, this turned out to be a lot harder than I thought. Can someone please help me with getting this configured?!?!

Server Info:
- 4 Physical Network Interfaces

What am I trying to do with Docker?
I am attempting to get my docker containers to have the same setup as selecting the default bridge, but on a different IP on the 4th interface (ETH3).

No matter what I set up, I can never get the docker network IP to translate to the IP address I want on the third interface. Please see the screenshot below:

I need the LAN IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X.

I have set up IPVLAN and MACVLAN, but with these the docker containers have the same IP as the LAN IP.

Can someone point me in the right direction for getting this configured?
March 31, 2025 Community Expert

OK, first let's review Docker networks in general.

Docker docs: https://docs.docker.com/engine/network/ and how the driver types dictate the docker networks...

Quote

Here's a breakdown:

1. Bridge
Default Docker network mode. Ports are explicitly mapped (HostPort:ContainerPort) in the template.
Example: If the app listens on port 8000 in the container, you can map it to 8050 on the host.
Min docker compose yaml example...
HTTP_CONTROL_SERVER_PORT: 8050 (host)
Container port: 8000
as the unraid template constructs a docker run file... Which results in something like:

    -p 8050:8000

Where we tell NAT that going to port 8050 needs to point to port 8000. This doesn't stop the server using port 8000 from still broadcasting and using the port... NAT rules apply here to docker's default network type as you traverse to the unraid host IP to port to connect to this service...

2. Host
- The container shares the host's network stack.
- No port mapping is needed or allowed. All ports used by the container must be free on the host.
Example docker run call:

    docker run --network=host ...

Whatever port the app listens on in the container (say 8000), that port must be free on the host. Use this only when an app needs to auto-discover services or work with broadcast/multicast. Normally used for databases... They will replace unraid's host-level ports, so if you run a web server on port 80 or 443 it will block and prevent the unraid web UI from working...

3. Container (aka --network=container:<container_id_or_name>)
- Shares network with another running container.
- Use case: VPN containers (like Gluetun).
- The secondary container inherits the network namespace of the VPN container.
So setting:

    --network=container:gluetun

This means: No port mappings in the template will be used. Only ports exposed by Gluetun can be used to reach the app. You cannot bind the same port twice across containers using the same network.
- So even though an unraid template says: Container Port: 8000, Host Port: 8050
-- That only works in Bridge mode. In --network=container:gluetun, the app must be accessed via the VPN container's IP/interface and exposed ports...

4. None
The container has no network access at all. Generally used for isolated or CLI-only tools.
*Similar to host... Rarely used docker applications, like Vim for example, an application not found natively on unraid: you can install vim with network none and use the console of the docker to vim-access files in paths you add to the docker...

5. Custom: br0 / Veth
In my case, per the picture, it is using my Proxmox Veth... This is the ipvlan/macvlan depending on your docker settings.... in my case macvlan.
*This allows the docker to talk to the same DHCP server and get a LAN-assigned IP.... this removes the NAT port mapping, so 8000 would be set to the custom IP you chose...
- I would recommend you use macvlan as well with VPN dockers, so each docker that gets a custom IP also gets a random MAC address. ipvlan will share its MAC address...
- This gives the container its own IP on the LAN (like a VM).
- It appears as a separate device on your network.
- Useful for apps that require unique LAN identity (e.g., mDNS, DLNA).
*It is recommended when running web servers with a web page to use a macvlan/ipvlan, in this case using unraid's premade docker network for custom (br0, bond0, eth0) depending on your settings and unraid network configurations....

This is dictated by 3 settings across unraid.
Network settings:
Docker settings:
...

This said, we can create additional custom docker networks ... and make our own bridge networks... Comes down to how you want to interact with it...

Using terminal commands, we can check with docker inspect commands...

    docker network ls

will list the current docker networks your host has access to and can use... note the docker name...

    docker inspect br0

Using an inspect command, we can get data on dockers connected and what the settings are for the network. Example:

Edited March 31, 2025 by bmartino1
typo
March 31, 2025 Community Expert

You will need to use the docker inspect command above to verify that you're not taking a pre-configured docker's static IP address...

Sadly, the unraid docker template web UI doesn't support setting up a custom IP in use for the dockers set to the docker bridge network. This would be easier in a compose file with settings and other options...

Since the unraid templates essentially build a docker run line to run dockers... we can use https://www.composerize.com/ to turn unraid docker templates into compose files.... We can accomplish setting the docker bridge IP in a compose file.

We will use this plugin:

To run unraid web UI dockers as compose files...

Let's review 2 example guides for dockers on the forum. 1 is immich and 1 is netprobe.

Immich:

netprobe:

Let's look at netprobe using a compose file: https://github.com/bmartino1/netprobe_lite/blob/master/docker-compose.yml

Netprobe consists of 5 dockers, 3 using the same image, a redis database and a prometheus database. In the compose file we tell compose we will make our own docker network. Compose will make and destroy this docker network each time the compose file is run...

    # You can make a Docker bridge network called netprobe-net and use this, or have compose make and destroy the network when they are up or down...
    # docker network create --driver bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 netprobe-net
    #networks:
    #  netprobe-net:
    #    external: true  # Use existing network
    networks:
      netprobe-net:
        driver: bridge
        ipam:
          config:
            - subnet: 172.18.0.0/16  # Different subnet from Unraid's default Docker bridge
              gateway: 172.18.0.1

Then in the corresponding services under each docker image

    networks:
      - netprobe-net

would become:

    networks:
      netprobe-net:
        ipv4_address: 172.18.0.x

Here we can add additional networking data to each image...

Example:

    services:
      redis:
        container_name: netprobe-redis
        # ...
        networks:
          netprobe-net:
            ipv4_address: 172.18.0.2
      netprobe:
        container_name: netprobe-probe
        # ...
        networks:
          netprobe-net:
            ipv4_address: 172.18.0.3
      speedtest:
        container_name: netprobe-speedtest
        # ...
        networks:
          netprobe-net:
            ipv4_address: 172.18.0.4
      presentation:
        container_name: netprobe-presentation
        # ...
        networks:
          netprobe-net:
            ipv4_address: 172.18.0.5
      prometheus:
        container_name: netprobe-prometheus
        # ...
        networks:
          netprobe-net:
            ipv4_address: 172.18.0.6
      grafana:
        container_name: netprobe-grafana
        # ...
        networks:
          netprobe-net:
            ipv4_address: 172.18.0.7
        # ...

So, in theory we need to add another option to the extra parameter field... For example, you can use the (advanced toggle) and extra parameter field to add additional data.

Example:

    --hostname plex.home.arpa

This tells the docker to use the hostname plex and my search domain .home.arpa

It's fine if you don't know your search domain. Usually it's .local, .localdomain, .lan... this is a DHCP router setting....

So I would recommend adding a hostname to all your dockers.

    --hostname plex

So in theory there is a way to tell the docker to use xyz IP address. But docker moved some things to the docker network side and away from the image docker variable side...

If I used redis as an example and tied a redis unraid web UI docker to the bridge network to set its IP, I would use the extra parameter option:

    --ip=172.18.0.2

You will need to make sure you're following unraid's default docker bridge settings... so in this case --ip=172.17.0.x to set the IP of the container.

Edited March 31, 2025 by bmartino1
typo
March 31, 2025 Community Expert

7 hours ago, H0pefulWanderer said:

> Hello! So my weekend has been going down the rabbit hole of docker networking for unraid. This seemed like a simple task for what I was trying to do, but, wow, this turned out to be a lot harder than I thought. Can someone please help me with getting this configured?!?!
> Server Info:
> - 4 Physical Network Interfaces
> What am I trying to do with Docker?
> I am attempting to get my docker containers to have the same setup as selecting the default bridge, but on a different IP on the 4th interface (ETH3).
> No matter what I set up, I can never get the docker network IP to translate to the IP address I want on the third interface. Please see the screenshot below:
> I need the LAN IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X.
> I have set up IPVLAN and MACVLAN, but with these the docker containers have the same IP as the LAN IP.
> Can someone point me in the right direction for getting this configured?

You will not be able to use the --ip option to set the IP if it is in the bridge options, as you would need to follow the docker network's configuration. That's why I set 172.x.x.x above...

SO:

*need the LAN IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X.

Is unraid that IP address? Or is the 95.200 in use by another machine on the network?

As all you would need to use is a custom br0 (could be bond0, eth0), doesn't matter if it's macvlan or ipvlan... and set it to 192.168.95.200

Would need more info to assist.

Edited March 31, 2025 by bmartino1
Data - Typo
April 1, 2025 Author

@bmartino1 Wow, first, thank you for taking the time to have such a detailed response. The LAN IP 192.168.95.200 is NOT the docker host. I guess in short, I am trying to mirror the same functionality as br0 on another ethernet port that is not the unraid host. From everything I am reading, it seems like it may not be possible. Hopefully you can let me know how to mirror this?

I have tried IPVLAN, MACVLAN, and Bridge. I have at least gotten more comfortable this weekend with the docker command line, so the weekend wasn't a total waste.

I need the LAN IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X on eth3.

Hopefully, you can come up with a way to make this scenario work?

Edited April 1, 2025 by H0pefulWanderer
add info
April 1, 2025

If I understood correctly:
- Your eth0 (unraid host interface) is on 192.168.90.x.
- You want your docker container on 192.168.95.x.

For that you have to give an address to your eth3 interface (192.168.95.200) and create a docker bridge network on this interface.

For example, my unraid server has an adapter (eth0) on the main network (192.168.2.0/24). I created sub-interfaces on other VLAN networks (192.168.9.x, 192.168.10.x, 192.168.20.x, ...), so I have

    eth0:    192.168.2.50
    eth0.10: 192.168.10.50

I created a docker network on top of eth0.10. It looks like this:

    docker network inspect iotnet
    [
      {
        "Name": "iotnet",
        "Id": "df4c4c20d706c464530aab9130a6bd7febc14090d3f3a4e8dff978404dc3771d",
        "Created": "2024-12-30T11:37:37.084870493+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
          "Driver": "default",
          "Options": {},
          "Config": [
            {
              "Subnet": "172.23.0.0/16",
              "Gateway": "172.23.0.1"
            }
          ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
          "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
          "com.docker.network.bridge.host_binding_ipv4": "192.168.10.50"
        },
        "Labels": {}
      }
    ]

I can't remember the full command, but the key option is host_binding_ipv4. It should look like this:

    # driver options are passed with -o key=value; the network name goes last
    docker network create --driver bridge \
      -o com.docker.network.bridge.host_binding_ipv4=192.168.10.50 \
      iotnet

If you don't specify the host binding ipv4, the docker network will be bound to unraid eth0 ipv4.

edit: for reference, the official doc on the bridge driver and its options

Edited April 1, 2025 by caplam
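An added example (not part of the thread, and not code from Docker or Unraid): a check over `docker network inspect` output that reports, for each bridge network, which host address published ports will listen on, using the `host_binding_ipv4` option discussed in the post above. Docker's documented default for that option is all host addresses (0.0.0.0); the function name `audit_bridge_bindings`, the `appnet` network and the host address list are assumptions made for the example.

```python
import ipaddress
import json

# Constructed sample: trimmed `docker network inspect` output. "iotnet" mirrors the
# network shown in the post above; "appnet" and the "br0" entry are hypothetical.
SAMPLE_INSPECT = """
[
  {"Name": "iotnet", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.23.0.0/16", "Gateway": "172.23.0.1"}]},
   "Options": {"com.docker.network.bridge.host_binding_ipv4": "192.168.10.50"}},
  {"Name": "appnet", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
   "Options": {}},
  {"Name": "br0", "Driver": "macvlan",
   "IPAM": {"Config": [{"Subnet": "192.168.90.0/24", "Gateway": "192.168.90.1"}]},
   "Options": {"parent": "br0"}}
]
"""

BINDING_OPT = "com.docker.network.bridge.host_binding_ipv4"


def audit_bridge_bindings(inspect_json, host_addrs):
    """Return one finding per bridge network: where published ports will listen."""
    host_ips = {ipaddress.ip_address(a) for a in host_addrs}
    findings = []
    for net in json.loads(inspect_json):
        if net.get("Driver") != "bridge":
            continue  # macvlan/ipvlan containers sit on the LAN directly, no NAT binding
        subnets = [c["Subnet"] for c in (net.get("IPAM", {}).get("Config") or [])]
        raw = (net.get("Options") or {}).get(BINDING_OPT, "0.0.0.0")
        bind = ipaddress.ip_address(raw)
        if bind.is_unspecified:
            status = "all-interfaces"       # -p ports reachable on every host address
        elif bind not in host_ips:
            status = "address-not-on-host"  # no interface owns this address
        else:
            status = "ok"                   # -p ports listen only on this address
        findings.append({"name": net["Name"], "bind": str(bind),
                         "subnets": subnets, "status": status})
    return findings


if __name__ == "__main__":
    # Host addresses are constructed for the example (eth0 and eth0.10 from the post).
    for f in audit_bridge_bindings(SAMPLE_INSPECT, ["192.168.2.50", "192.168.10.50"]):
        print(f"{f['name']:8} binds {f['bind']:15} subnets={f['subnets']} -> {f['status']}")
```

On a real host, feed it the output of `docker network inspect $(docker network ls -q)` and the addresses shown by `ip -4 addr`.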
April 2, 2025 Community Expert

On 3/31/2025 at 10:43 PM, H0pefulWanderer said:

> @bmartino1 Wow, first, thank you for taking the time to have such a detailed response. The LAN IP 192.168.95.200 is NOT the docker host. I guess in short, I am trying to mirror the same functionality as br0 on another ethernet port that is not the unraid host. From everything I am reading, it seems like it may not be possible. Hopefully you can let me know how to mirror this?
> I have tried IPVLAN, MACVLAN, and Bridge. I have at least gotten more comfortable this weekend with the docker command line, so the weekend wasn't a total waste.
> I need the LAN IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X on eth3.
> Hopefully, you can come up with a way to make this scenario work?

Using a user script at startup, we can make another bridge network interface: br1, which connects to eth0 the same as br0. The difference is that we set br1 to the 192.168.95.x DHCP setup and range. This then becomes our ipvlan/macvlan for 192.168.95.x and its use with a docker create command.

br0 192.168.90.x is using the DHCP over eth0.

As caplam has explained, it is possible with VLANs. What I'm explaining is a bit different.

The 192.168.95.x will need a DHCP server on the network. If you choose to go VLANs, that's fine, similar setup and functionality. If not, you can run a docker like pihole, connect it to the docker network and have it be the DHCP IP on 192.168.95 on unraid.

Dockers get tricky when trying to use and have 2 networks. We get into the Linux network and advanced configuration such as "forbidden routers"... so let's go over some Linux networking stuff...

I prefer a user script; this can be set up to be on the flash drive in the go file...

To achieve your network setup on Unraid 7, where you create a br1 bridge attached to eth0, assign it a static IP in the 192.168.95.0/24 subnet, and later use it for Docker, LXC, or VM networking, here's a breakdown of the steps and the corresponding Linux commands.

Step 1: Create the br1 Bridge Interface Manually
- Unraid doesn't persistently save ip or brctl changes across reboots.

This is why the go file / user script will need to run once at first array boot to make and add the interface and work with the system...

The ID for the network may change, but the name should not...

Script - Manual (Temporary) Setup:

    # Create the bridge
    ip link add name br1 type bridge
    # Set eth0 as a member of br1
    ip link set eth0 master br1
    # Bring up the interfaces
    ip link set eth0 up
    ip link set br1 up
    # Assign static IP to br1
    ip addr add 192.168.95.1/24 dev br1

- Replace 192.168.95.1 with your preferred gateway IP for the br1 network, as this would need to be the IP address of the interface that gets sent to the pihole / DHCP server so the 95.x network has internet access...

Advanced networking, if you want to set a gateway...

    ip route add default via 192.168.95.1 dev br1

as this will affect your unraid's IP routes and networks...

Sadly, the web UI doesn't have the options to make the interface; terminal commands only. Maybe in the future?... You can review some settings in unraid web UI - settings.

With this you have a bridge interface that you manually created and a 95.x subnet usable via unraid. If the LAN over eth0 doesn't have a DHCP server, that's fine; it just means when you connect a DHCP instance / router like pihole that eth0 will serve 90.x with your router's DHCP server and unraid will be giving out 95.x IPs... unless you separate the network traffic using VLANs... as caplam explained above.

With that we then make a docker network...

    docker network create -d macvlan \
      --subnet=192.168.95.0/24 \
      --gateway=192.168.95.1 \
      -o parent=br1 \
      mca_vlan95

*Optional (with VLAN tag): If you want VLAN tagging (e.g., VLAN 95), the parent must include the VLAN: you would change the -o parent option. This example will set up VLAN 95 on eth0; we would target br1.95

    -o parent=eth0.95

VLAN route example: In that case, you'd need to create the VLAN interface first:

    ip link add link eth0 name eth0.95 type vlan id 95
    ip link set eth0.95 up
    ip link add name br1 type bridge
    ip link set eth0.95 master br1
    ip link set br1 up
    ip addr add 192.168.95.1/24 dev br1

then docker:

    docker network create -d macvlan \
      --subnet=192.168.95.0/24 \
      --gateway=192.168.95.1 \
      -o parent=eth0.95 \
      mca_vlan95

I would recommend using VLANs. This would require your network and router to support VLANs.

Pihole is an example. I would set up an unraid VM and run IPFire / OPNsense / pfSense as a VM router that connects to br1 and br0, so br0 gives br1 the ability to connect to the internet. You would need to tell the router VM that connects to br1 to be set to the static IP of 192.168.95.1
April 2, 2025 Community Expert

Please post a diagnostic file. Your network doesn't make sense...

Per the first post, your unraid's IP is at: 192.168.90.210

If you want unraid to use an IP of 192.168.95.x, unraid needs to have that as an IP somewhere...

Per the second post:

Quote

> I have tried IPVLAN, MACVLAN, and Bridge. I have at least gotten more comfortable this weekend with the docker command line, so the weekend wasn't a total waste.
> I need the LAN IP to be 192.168.95.200 while the docker containers have an IP of 172.18.0.X on eth3.

What docker are you trying to connect and set up? As this seems like you are wanting to set up a stack for the docker to function and work, but only connect to it offline at a different subnet.

As without the DHCP server the docker image is told that its only network is 192.168.95.x and it can't connect to the internet to download and use its services...

As the bridge network using 172.18.0.x is bridged to xyz network (not enough info).

So you have multiple Ethernet adapters on unraid... (as this may be accomplished within the unraid web UI)

I need more info to assist. Does eth3 have a LAN connection to the subnet DHCP server for 192.168.95.x? In which case we can make a br1 connect to eth3 and set a 95.x network and make a docker network...

Please post a diag file so that I can get the necessary interface and data your system is experiencing.