[6.3.0+] How to setup Dockers without sharing unRAID IP address


ken-ji

168 posts in this topic Last Reply

Recommended Posts

1 minute ago, CHBMB said:

Errr, I've kinda changed my approach now, doing it all at the firewall level.  But I did enjoy messing around with the macvlan stuff and I can definitely see how it would be very useful for others.

 

Your firewall solution is good, but with macvlan support you can do more... :)

 

E.g. it allows you to give individual dockers their own IP address (either dynamically or statically).

Say you want to run two web servers and both use port 80, this becomes a very easy task.

Docker isolation is also made very easy, e.g. run a docker within its own (local) network segment

Link to post
  • Replies 167
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

How to setup Dockers to have own IP address without sharing the host IP address: This is only valid in unRAID 6.3 series going forward. 6.4.0 has this built into the GUI but currently have a

Perhaps you would be interested to know that macvlan support is added in the upcoming version of unRAID, it allows you to select additional 'custom' networks from the GUI.  

Bridging is just a sample (and a recommended setup since you typically want VMs to use the same physical NICs without having to NAT - the default vmbr0 is a NAT bridge). You can use eth1 just the same

Posted Images

13 minutes ago, bonienl said:

Perhaps you would be interested to know that macvlan support is added in the upcoming version of unRAID, it allows you to select additional 'custom' networks from the GUI.

 

 

When is this coming?? I'm excited now :D

Link to post
2 minutes ago, jrdnlc said:

 

When is this coming?? I'm excited now :D

 

Soon™ :)

 

Remember we are talking Release Candidate (RC) here, in other words for testing purposes and feedback!

Edited by bonienl
Link to post
1 minute ago, wgstarks said:

This all sounds very interesting but I'm afraid I'm a little short on the background to understand most of this. Could someone point me to a good vlan for dummies guide.

 

Actually macvlan is the solution used by Docker, but from a GUI perspective this is hidden and the user is just presented with some additional network choices and doesn't need to worry about the underlaying translation.

 

Link to post
 
Your firewall solution is good, but with macvlan support you can do more...
 
E.g. it allows you to give individual dockers their own IP address (either dynamically or statically).
Say you want to run two web servers and both use port 80, this becomes a very easy task.
Docker isolation is also made very easy, e.g. run a docker within its own (local) network segment

Oh yeah, absolutely, I just don't need to.... yet. Never say never.

Sent from my LG-H815 using Tapatalk

Link to post
1 minute ago, CHBMB said:


Oh yeah, absolutely, I just don't need to.... yet. Never say never.
 

 

Yeah right... you don't have two or more dockers claiming the same TCP port :) 

Link to post

I do, but atm it's as easy to change port as it is to change the ip. What macvlan will help me out with is testing. Currently got 4 instances of MariaDB and 3 instances of Nextcloud.

Sent from my LG-H815 using Tapatalk

Link to post
18 hours ago, bonienl said:

 

Your firewall solution is good, but with macvlan support you can do more... :)

 

E.g. it allows you to give individual dockers their own IP address (either dynamically or statically).

Say you want to run two web servers and both use port 80, this becomes a very easy task.

Docker isolation is also made very easy, e.g. run a docker within its own (local) network segment

 

The only thing needed is fitting this nicely in the interface, now if we could find someone who would be amazin at that....

Link to post
1 hour ago, Helmonder said:

 

The only thing needed is fitting this nicely in the interface, now if we could find someone who would be amazin at that....

 

Just a little more patience...

Link to post
  • 3 weeks later...
11 hours ago, zin105 said:

I just can't get this to work. When I try to access the WebUI of my container it times out. 

 

Here's a link to my network page; Picture

 

The IP address details are:
unRAID = 192.168.1.216
Gateway/router = 192.168.1.1
Subnet = 192.168.1.0/24

 

The command I wrote;

docker network create \
-o parent=br1 \
--driver macvlan \
--subnet 192.168.1.0/24 \
--ip-range 192.168.1.128/25 \
--gateway 192.168.1.1 \
docker1

 

Here's a link to the docker settings in question; Picture

 

Update; Here's the output of the commands listed in the OP. And yes, the container is started fully (green play button).

 


root@HTPC:~# docker inspect duplicati | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "192.168.1.213",
root@HTPC:~# docker exec duplicati ping www.google.com
rpc error: code = 2 desc = containerd: container not started

 

This is the output of a different container I tried it on. Gives a different result.

 


root@HTPC:~# docker exec observium ping www.google.com
ping: unknown host www.google.com
root@HTPC:~# docker exec observium ping 8.8.8.8
connect: Network is unreachable

Do it like this instead FPA0ZpW.png

 

Link to post
11 hours ago, zin105 said:

I just can't get this to work. When I try to access the WebUI of my container it times out. 

 

Here's a link to my network page; Picture

 

The IP address details are:
unRAID = 192.168.1.216
Gateway/router = 192.168.1.1
Subnet = 192.168.1.0/24

 

The command I wrote;

docker network create \
-o parent=br1 \
--driver macvlan \
--subnet 192.168.1.0/24 \
--ip-range 192.168.1.128/25 \
--gateway 192.168.1.1 \
docker1

 

Here's a link to the docker settings in question; Picture

 

Update; Here's the output of the commands listed in the OP. And yes, the container is started fully (green play button).

 


root@HTPC:~# docker inspect duplicati | grep IPAddress
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "192.168.1.213",
root@HTPC:~# docker exec duplicati ping www.google.com
rpc error: code = 2 desc = containerd: container not started

 

This is the output of a different container I tried it on. Gives a different result.

 


root@HTPC:~# docker exec observium ping www.google.com
ping: unknown host www.google.com
root@HTPC:~# docker exec observium ping 8.8.8.8
connect: Network is unreachable

 

Can you also show the outputs of

docker ps -a

and

docker exec [container] ip route

 

The errors seem to be related to something else.

 

Also, your unraid server is in the same group of addresses you told docker to use.

This is not a problem yet, but could be when something decides to use the same address by chance (unless all your dockers will have static ips)

Edited by ken-ji
Link to post
1 hour ago, zin105 said:

The only things I see in that screenshot is that you have a manual WebUI adress and --restart on-failure?

Yes and look at your web ui link, it will not work with the [port] part, its needs a real link like mine. So just remove the brackets and the word port.

Edited by Porkie
Link to post

Did you add the mac address and ip of the container as a static ip in your router? Im using PFSense and I had to manually add them for them to show up in the dhcp leases. It might not even be that but worth a try. 

Link to post
  • 3 weeks later...

How would I change the commands in the OP if I wanted the IP range for my dockers to be from 192.168.1.224-192.168.1.254?  Is that possible?  Alternatively, how would the original commands change, and then the docker creation, if I wanted to use a static IP when creating a docker?

 

On May 1 a bunch of this stuff was said to be coming soon - presumably it has landed?  That isn't mentioned in this thread.  If so, in what version?

Link to post
11 minutes ago, wayner said:

How would I change the commands in the OP if I wanted the IP range for my dockers to be from 192.168.1.224-192.168.1.254?  Is that possible?  Alternatively, how would the original commands change, and then the docker creation, if I wanted to use a static IP when creating a docker?

 

On May 1 a bunch of this stuff was said to be coming soon - presumably it has landed?  That isn't mentioned in this thread.  If so, in what version?

6.4RC2 is the current version.

https://forums.lime-technology.com/topic/57823-unraid-os-version-640-rc-changes/

Edited by wgstarks
Link to post
2 minutes ago, wayner said:

ok thanks - I need the DVB build for my TV tuners so I will have to wait until it comes out and you get the DVB build done.

 

I thought the dvb builds where done. TBS closed source is dead if that is what you are waiting for. 

Link to post

No, I don't think I need that.  The main thing that I need from that build is the drivers for the Hauppauge HD-PVR and firewire.

 

I haven't updated for a bit so I am on 6.3.1.

Edited by wayner
Link to post
6 minutes ago, wayner said:

No, I don't think I need that.  The main thing that I need from that build is the drivers for the Hauppauge HD-PVR and firewire.

 

I haven't updated for a bit so I am on 6.3.1.

 

There was some support for the Hauppauge card in one of the builds. Don't remember if it was the Libreelec or open source TBS. 

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.