Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

VM as the gateway/router/network provider

Featured Replies

I am trying to setup my unraid server to be standalone and basically be the AP and "lan provider"

please dont just reply that i need a router or second machine :C

my machine has 2 NICS and a wifi card
i did created a VM with openwrt, passed through the wifi card and it works just fine as an AP and i can even get online trough that connection

however i am having a very hard time configuring the unraid Host to connect to the VM networking...

i tried to bridge eth1 with the VM but the interface wont get up i guess because the physical port is not connected to a real device
I also tried to create a dummy eth3 port, then bridge and force it to go up but no use....

is there a way that i can create a host-VM connection where unraid will use the VM's network?


PS i dont have a license yet, i am on trial until i figure this out

this is often called a forbiden router.

https://www.youtube.com/watch?v=r9fWuT5Io5Q
https://www.reddit.com/r/unRAID/comments/6wnkow/video_guide_how_to_setup_a_virtual_vpn_router_on/

i've gon over the linux comads. Your better off passing a pcie nic device to gurantee seperation.

Unraid is not networking equipment you will experience layer 2 layer 3 isseues...

i've gone over the thoeries the comands and pratcal use case of making bride interfaces and connection.

the end iseus is that unraid done't have a good wat to mutip ip orute when a interface shares the same subnet.

so exampel eth1 and eth2 and pluged into the same router dhcp server. unriad will deafutl trafic over eth1 even thouigh ewth2 is conected. even in bondin and dfault configs eth1 is prefed...

however you can make a passed physicl nic and make a br42 interface and coenct that to your router VM and use br42 with a docker netwrok also explained on the forum before...

I don't recomend trying this on unriad. HWile posble it server no good use case even with atempts at firewall and contorls. physical hardware and softwre constratins to teh cost of hardware and need for a specfic use case.

  • Author
On 9/16/2025 at 1:15 AM, bmartino1 said:

this is often called a forbiden router.

https://www.youtube.com/watch?v=r9fWuT5Io5Q
https://www.reddit.com/r/unRAID/comments/6wnkow/video_guide_how_to_setup_a_virtual_vpn_router_on/

i've gon over the linux comads. Your better off passing a pcie nic device to gurantee seperation.

Unraid is not networking equipment you will experience layer 2 layer 3 isseues...

i've gone over the thoeries the comands and pratcal use case of making bride interfaces and connection.

the end iseus is that unraid done't have a good wat to mutip ip orute when a interface shares the same subnet.

so exampel eth1 and eth2 and pluged into the same router dhcp server. unriad will deafutl trafic over eth1 even thouigh ewth2 is conected. even in bondin and dfault configs eth1 is prefed...

however you can make a passed physicl nic and make a br42 interface and coenct that to your router VM and use br42 with a docker netwrok also explained on the forum before...

I don't recomend trying this on unriad. HWile posble it server no good use case even with atempts at firewall and contorls. physical hardware and softwre constratins to teh cost of hardware and need for a specfic use case.



Thanks for the info and sharing, i will have a look,
it was funny seing this project at "the forbidden router", yes that is sooo true and i agree with it!
the machine i am setting this up is not a machine that i will depend on it for connections or to access the network. and i will only turn it on in small bursts.
îts really about being as portable as possible and be able to transfer stuff without relying on anything else... (kinda like a wireless usb stick that won't corrupt)

i can always setup something in debian or use other solutions for this....
maybe i could even do the other way around and put unraid in a vm, but the storage thing is the main use for this machine and i want the storage to be its main thing.
in my mind wouldn't make sense to virtualize unraid.. if i end up setting up a proxmox (or similar) machine i wouldn't actually have use for unraid, i would just setup a RAID, ZFS, or even ceph (i wanted to try that one for a long time, it would be interesting to have an s3 api available)
the thing is i really enjoyed unraid, it seems to work right out of the box and very close to my dream "just a bunch of disks" system the parity thing and smb shares work very well, and i really had fun with it. i always had a bad time with SMB on other solutions...

Edited by miguel_urbie

  • Author

Ok, i managed to pull it off and i am writing here for the reference and to help people in the future

I am used to modern Debian based systems, so well, " modern people with their systemd based tools that don't know better", i am one of those.. it was a cool experience for me dealing with

unraid not only is not debian, in unraid the interface and OS was made some unconventional decisions that probbaly made every sense for the people developing and it's history.

well, i found out that pratically unraid expects eth0 to be it's main communication port, when trying stuff around like dhcp, routes etc, by convention and default just preefers to use eth0

when deploying a VM with openwrt or other solution bridged to eth0 + br0, (dhcp and dns servers) unraid will work out of the box.
with unraid and the VM connected to br0, unraid can get a dhcp lease and work fine even without anything connected to the real port, unraid sees there is a dhcp on the bridge and gladly accepts it.
but if you attempt to do the same on a br1 without manual configuration in the shell it's a nightmare.

you can use eth1/br1 (the interface allows that), but in my case since i had not a physical cable connected to this port, unraid just decides to ignore that this bridge has anything on it...

so yeah, even if your VM provides the network or somehting in eth1, that is a "faiolver" or "alternative" connection, not like the main exit port....

so basically, unraid will gladly connect to a bridged VM or anything on eth0

in eth1 it can connect to wan but it's not as plug and play, there is a checkbox to allow it as the gateway but stuff like DNS is still configured in eth0 and yeah, you need to have a real device connected to that port which i didn't bother tryiing

Some rants, notes and tangets to assit... thats not quite correct... as I do have unraid created interfaces and a router VM and testings done within a docker network... more as a proff of concept not having a actual used for pratcaltiy...

to Clarify, your claim of defaulting to a interfaces is due to a inet script and defualt behavior. thats because a conflict in the iproute between the 2 bridges. you made and how to force a route over another.

So lets go over some advance linux stuff... since you get the warrning and now to explan and go over the proff of concept and whats happening...


Slackware unraid uses systemvar and a networking inet rc convoluted net rc script found in the rc.d shich is the equilvent to the orgianl ubnut/debain servicers and daemons. before systemd was a thing. (where systemd esentail thorws stuf all over such as the home user folder for apps and server/daemons...) I do not like systemd...


go check it out

image.png

ALSO! you can even forgo unraids creation of br0 and bond0 and work directly with other web ui / config changes and based on these webui changes runs different aspects of the inet system var script. (as this dictates network settings)...

per example remove br0 by turning off bridging:

image.png

This to prove the point that Unriad doesn't force chose the dev device as mentioned earlier... its a issue that unraid can't use multiple devices on the same subnet and this is a layer 2 layer 3 issues where you are trying to direct traffic over one interface over the other. ther is a ip route that force the use to your eth0 and you falsly came to the conclusion that it defuatls to that...

Per another example... you could edit the ip route and remove the iproute of the other device and use br1...

(Tangent on macvlan shim bridge a default behavior that works and is shipped but is a problematic feature/bug)
Macvlan seperates the host form the docker network. the docker has a a static ip its own mac address and terminal on the host is not able to talk to that ip(even though its routing and on the same subnet of the host! another device, not the host can talk and connect to the docker)

So An example of some unriad host commands to edit interfaces and fix the macvlan shim (a fix for the bug -ish) as a bridge was made that uses the ip address at 2 different macs (more to help s***up unifi and fix a bridge iproute issue on unraid itself a we need to treat the shim interface like a docker needing its own static ip and NOT DUPLICATE THE IP ADDRESS FORM BR0) most rouoters will ignore it unfi sees it being enterpirse ish equipment and sees the issues with the same ip on 2 seperate mac address... as br0 duplicates the eth0 interface mac address...

#################################

Side review notes off topic just a memory...

this reminds me of a old class project for networking where we build our own routers in Debian linux:
https://gridscale.io/en/community/tutorials/debian-router-gateway/

https://tongkl.com/building-a-router-from-scratch-part-1/

Build it your self don't use a premade router os...

...
################################


So lets review an exmple of eth1 and br1 something we can make...
Hers an One-time (immediate) setup example... lets say we have another nick eth1 and lets make our own br1 interface....

*as I find it easeier to set a static ip address then use dhcp when one manual created interfaces... but the premise and info / heart of the issues remains.


# 1) make sure eth1 is up
ip link set dev eth1 up

# 2) create the bridge
ip link add name br1 type bridge

# 3) add eth1 to the bridge
ip link set dev eth1 master br1

# 4a) give br1 an IP via DHCP (Unraid uses dhcpcd)
dhcpcd -n br1

#   OR set a static IP (pick your subnet/gateway)
# 4b) static example
# ip addr add 192.168.2.10/24 dev br1
# ip link set dev br1 up
# ip route replace default via 192.168.2.1

# 5) bring the bridge up (if you didn’t do 4b)
ip link set dev br1 up

# 6) sanity checks
ip -d link show br1
bridge link
ip addr show br1

*dhcpd can break stuff.... (static ip set script later this is example comands code and lets say we have xyz....)

But, This creates a br1 and ties it to eth1 interface

since you have eth0 you can tie eth0 the same way br0 does... (multiple bridges can be tied to the same eth interface...) you can make a br1 tied to eth0 ...

So, now then take a look at ip route.

(*I will use the shim bridge for this example... as i told the ship br0 to be set to 192.168.201.101)

root@The-Borg:~# ip route

default via 192.168.201.1 dev br0 metric 1005

172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

192.168.201.0/24 dev shim-br0 proto kernel scope link src 192.168.201.101

192.168.201.0/24 dev br0 proto kernel scope link src 192.168.201.100 metric 1

root@The-Borg:~#

as noted here in the shim bridge (which exist more for the host to interact and communicates from host to the macvlan docker network...)
*but all traffic will default and use the iproute to br0 even though a bridge interface exist to talk to the router over the shim-br0 interface...

Thus the shim-br0 or br1 per the example will never be used! as it shares the same subnet!

The issues is how unriad will default and define a ip route to the first subnet device that is usable.

How to fix this since we have 2 interfaces on the same subnet now... well, that usualy called a bond and is used for failover. when 1 nic stops, use this interface!...


This is where we would go into bonds. as 2 interfaces sharing the same subnet and I've found unraid to be able to make and use the bond but breaks and will prefer the first interface(eth0 or eth1) as thats the first to have a iproute... thus even when bonded it will default and use eth0 until eth0 is no longer connected and making a link...

thus a issues is in routes and a layer 2 layer 3 router. Not with a individual interface!

This is why i say UNRAID IS NOT NETWORKING EQUIPMENT! as a router would be able to edit these routes and has rules to dictate the traffic to use a interface over another.

(you can edit and use ip routes you define!)

Further (Tangent on unraid VMS domain xml vm configurations...) see https://libvirt.org/formatnetwork.html


so if using the software links with a vms xml. your passing br1 or another interface...
there are even inet rc scripts due to some vm settings that can chage how ip routes and interfaces interact...

image.png

as this will change some inner communication.

(tangent on older hardware/software limitations with nics)
By default unraid ships with br0 bridging enabled as it is best practice to tie things to a bridge interface due to hardware nic limitations. not all nic support routing features and option roms on the nic for use. creating a software brdige and having a br0 intefaces makes up the differece. (this was a big issues in the past that not much of a issues now)...

(tangent to ahv unraid webui netowork config make the br1 eth1 dhcp)I do not recomend editing the config only here as a refference!
you can also edit the unraid netowk conig..

persists network settings in /boot/config/network.cfg

example adding:

# existing br0 section likely uses index [0]

# add a new section for br1 using index [1]

BRNAME[1]="br1"

BRSTP[1]="no"

BRFD[1]="0"

BRNICS[1]="eth1"

BONDING[1]="no"

# choose DHCP or static for br1:

USE_DHCP[1]="yes"

# (for static instead)

# USE_DHCP[1]="no"

# IPADDR[1]="192.168.2.10"

# NETMASK[1]="255.255.255.0"

# GATEWAY[1]="192.168.2.1"

MTU[1]="" # or set e.g. "1500" / "9000"

...

then reboot or restart netowrking
/etc/rc.d/rc.inet1 stop && /etc/rc.d/rc.inet1 start


#Heart of the issue: #

The ip / bridge commands (part of iproute2)

Review the manpages for commands form iproute2

https://manpages.debian.org/stretch/iproute2/ip.8.en.html

I prefer to static assign..

use static IP example

# make sure eth1 is up
ip link set dev eth1 up
# create br1 bridge
ip link add name br1 type bridge
# add eth1 to br1
ip link set dev eth1 master br1
# assign static IP
ip addr add 192.168.2.7/24 dev br1
# bring up br1
ip link set dev br1 up
# set default gateway if needed (adjust gateway IP to match your network)
ip route replace default via 192.168.2.1

a router usually require ipv4 and ipv6 forwarding. by default unraids system ctl done't have ipv6 enable due to other issues...


(Tangent on ipv4 forwarding and ipv6 forwarding) (Linux bug ish on ipv6 RA vs dhcp and issues using ipv4 for iner communications),,,

we can re-enable them...

#!/bin/bash

# Delay before starting
sleep 10

# Apply sysctl settings
apply_sysctl_settings() {
    echo "Applying sysctl settings..."
    sysctl -w net.ipv6.conf.all.forwarding=1
    sysctl -w net.ipv6.conf.br0.accept_ra=2
    sysctl -w net.ipv6.conf.br0.accept_ra_rt_info_max_plen=64
    sysctl -w vm.overcommit_memory=1

    echo "Verifying sysctl settings..."
    sysctl net.ipv6.conf.all.forwarding
    sysctl net.ipv6.conf.br0.accept_ra
    sysctl net.ipv6.conf.br0.accept_ra_rt_info_max_plen
    sysctl vm.overcommit_memory
}

apply_sysctl_settings

As I said I've gone over this a lot with others(lost on the forum but they exist...) ... and its my recommendation to go another route... to guarantee and get the wanted functionality.

BU, Since you're serious in trying to learn or accomplish this... see the other area please review other commands and data here. (can't seem to find some major commands and back and forth with others on how, where the gotchas are and why... will post separately if i find it..)

But here's other examples:
https://forums.unraid.net/topic/184619-i-have-two-physical-networks-eth0-and-eth1-but-only-eth0-is-available-for-docker-containers/#findComment-1517509

and review the videos found here:
https://forums.unraid.net/topic/147455-support-unifi-controller-unifi-unraid-reborn/page/11/#findComment-1385625


and a side note to change the interface namve via the macaddrss of a interface... we can even force the interface of eth0 or eth1 name via the mac address with a udev rule

https://forums.unraid.net/topic/180430-networking-help/#findComment-1489685

...

so back to The Point! as I'm tyring to show exmpaln and go over alot of data..... To me, Your misunderstanding default behavior and what's actually happened based on misconfiguration and not asking questions nor giveing data on what you did where... As I often find others on this forum after going into great lengths with endusers not folowing the info and sytems run stuff willy nilly. and not asking why xyz and not having the goal... etc. and S***t hits the fan especal when it doent' work nor work as intended / configured. Which is why the OG post and warning. I will gladly go over commands, xml, and areas. Just note that as i've done this for mutiple users, that there is a reason why no and why its doing what its doing. but that doent' mean we can't work around it...

So. because I have pulled it off and understand whats happening due to the scripts, web ui settings, other network conifgs and OS commans. What router its using and how to control and dictate the routes....

Quote:
Ok, i managed to pull it off and i am writing here for the reference and to help people in the future
...

and unraid expects eth0 to be it's main communication port

Is FALSE! unraid is doing what it was told and ip route dictates that eth0 has and was the first route thus all trafic will use that interface UNTIL A ip route is told and fixed!

also try other rotuers OS. you mentioned openwrt... Loook at pfsense, ipfire, opensen, etc.. As this is a convloute mess and has underlying isseus as well. ipfire just works and is what I would recomend for testing.... Ipfire is based off of an orginal project in freebsd called ip cop. ipfire is rebuilt from the gorund up in scratch linux. and from my testing when I built the unraid VM router and went down this rabit hole the isues always came from how unriad had iproute to the interface and the need/want to use a different interface due to default scripts and exisitng ip route rules. dictacted via the inet rc script.

Also worth a watch:
https://www.youtube.com/watch?v=zstdOS_6ajY

https://www.youtube.com/watch?v=Gy2g1ciJRqA


What I need is clear object goal.

what hardware. interfaces. the output of ip a and ip route

a unraid daig. and the vms XML code.

web ui picture of you settings > network for is bridging enabled is bondign enabled. and vm settign picture to see what your VM hyperv switch is set to where VM default get internet access. XML code can be used that goes agisn the setting and skip/bypass it as we may want to use something else in libvcirt domain xml format to tell th vm what we doing and how to use the interface...

Example.
I have a single nic unriad os. I want a software bridge router VM to act as a firewall. I will lan connect a softwre bridge to a docker network. this way my docker networking is on a isolate ip subnet. all internet coming in will be thought the uinriad host eth0 and we will leverage br0 br1 as a docker network with a different ip address and subnet.

router > ?switch > unraid machine > VM Router(ill use ipfire) > unraid br interface for a lan > docker network that can access internet through the VM...

found one of my earlier communications that went over commands proof of concepts and attempts at assisting other with similar setups... there is another lost of the forum...

Please review the entire forum post.
https://forums.unraid.net/topic/184619-i-have-two-physical-networks-eth0-and-eth1-but-only-eth0-is-available-for-docker-containers/#findComment-1511799

and

Where we can assign multiple ip address to the bridge.

https://forums.unraid.net/topic/185418-cant-access-containers-through-browser/#findComment-1514753

Edited by bmartino1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.