Nano-uk Posted September 8, 2017 Share Posted September 8, 2017 Hi, I am trying to figure out how (if possible) to assign a dedicated IP address to my Plex docker. The reason for this is that I am running a pfsense router at home and this server is including all the traffic from my UNRAID server into a VPN and I'd like to have different IP addressees for my dockers so I can assign specific fiewall and NAT rules for them individually. I know I can do this using port mapping for incoming connections, but I want to be able to manage outgoing connections as well, for example if I want some specific docker to use a different default gateway to go out of my network or stuff like that. Is it possible to assign a different IP address to dockers at all? Thank you! Ignacio. Quote Link to comment
Helmonder Posted September 8, 2017 Share Posted September 8, 2017 Just now, Nano-uk said: Hi, I am trying to figure out how (if possible) to assign a dedicated IP address to my Plex docker. The reason for this is that I am running a pfsense router at home and this server is including all the traffic from my UNRAID server into a VPN and I'd like to have different IP addressees for my dockers so I can assign specific fiewall and NAT rules for them individually. I know I can do this using port mapping for incoming connections, but I want to be able to manage outgoing connections as well, for example if I want some specific docker to use a different default gateway to go out of my network or stuff like that. Is it possible to assign a different IP address to dockers at all? Thank you! Ignacio. It is possible in unraid 6.4, currently in beta. I was in the exact same situation as you and it works like a charm now.. Plex has its own IP address and is now bypassing the outgoing VPN. Quote Link to comment
Nano-uk Posted September 8, 2017 Author Share Posted September 8, 2017 9 minutes ago, Helmonder said: It is possible in unraid 6.4, currently in beta. I was in the exact same situation as you and it works like a charm now.. Plex has its own IP address and is now bypassing the outgoing VPN. Hi, thanks for the quick reply! Is the beta stable enough to justify upgrading the whole server? (I only have this one Unraid server with all my data). Thanks! Quote Link to comment
Squid Posted September 8, 2017 Share Posted September 8, 2017 2 hours ago, Nano-uk said: Is the beta stable enough to justify upgrading the whole server? (I only have this one Unraid server with all my data). I've been running it on my production server with no problems. I don't however use the new features of encryption / SSL access though (don't trust them yet in a production environment ) Quote Link to comment
unevent Posted September 8, 2017 Share Posted September 8, 2017 (edited) 3 hours ago, Nano-uk said: Hi, I am trying to figure out how (if possible) to assign a dedicated IP address to my Plex docker. The reason for this is that I am running a pfsense router at home and this server is including all the traffic from my UNRAID server into a VPN and I'd like to have different IP addressees for my dockers so I can assign specific fiewall and NAT rules for them individually. I know I can do this using port mapping for incoming connections, but I want to be able to manage outgoing connections as well, for example if I want some specific docker to use a different default gateway to go out of my network or stuff like that. Is it possible to assign a different IP address to dockers at all? Thank you! Ignacio. As mentioned by the others it is supported in the latest beta. If you don't want to go the beta route yet you can use Pipework Docker to accomplish what you are after. Install the correct version for your unRAID version then for each Docker you want to assign an IP, enable advanced mode, change network to 'none' and add the code below to the 'extra parameters' box specifying a unique IP/gateway and a unique valid fake MAC address. In pfSense, create a static DHCP lease for the MAC and IP configuration. Create an Alias in pfSense that contains all the IP addresses for the stuff you want to go through VPN and create your rules based on the Alias. extra parameters: -e 'pipework_cmd=br0 @CONTAINER_NAME@ 192.168.1.247/[email protected] fd:de:b4:99:56:1d' Copy in exactly as shown, including the ' ' and the "@CONTAINER_NAME@". Change the IP and gateway IP and the MAC address for your specific configuration. Best to have Pipework set to auto-start and verify it is started - view the log tail and verify 'start' is in the last entry. If not started, stop then start and verify again. After that you can crank up the remaining Dockers that use Pipework. Edited September 8, 2017 by unevent Quote Link to comment
ken-ji Posted September 9, 2017 Share Posted September 9, 2017 If you're using the latest stable (6.3.5) - Try using the builtin Docker capability for Dedicated IP addresses rather than the complicated Pipework - see: https://forums.lime-technology.com/topic/54882-630-how-to-setup-dockers-without-sharing-unraid-ip-address/ Quote Link to comment
CHBMB Posted September 10, 2017 Share Posted September 10, 2017 This is how I encrypted all my traffic and still got Plex working if that helps at all. https://www.linuxserver.io/2017/05/01/how-to-run-pfsense-with-pia-vpn-but-still-use-plex-remote-access/ Quote Link to comment
Helmonder Posted September 10, 2017 Share Posted September 10, 2017 The beta is running fine for many weeks over here.. However it IS still a beta.. So if you are cautious with that just hold on a little longer.. In a week or so I am expecting this to be released and you will have no more problems.. I just killed off my latest KVM and running Docker only.. No problems whatsoever. Quote Link to comment
CHBMB Posted September 10, 2017 Share Posted September 10, 2017 6 minutes ago, Helmonder said: In a week or so I am expecting this to be released and you will have no more problems. I think you're being optimistic..... 1 Quote Link to comment
wayner Posted September 12, 2017 Share Posted September 12, 2017 I have been waiting patiently for this as well as I will far prefer having each docker have its own IP as opposed to having to remember all of the ports required whenever I want to access the web UI for a docker. What was 8080 vs 7080 vs 6080? IP addresses will be easier, at least IMHO. And then you can enter all of the IPs in a hosts file and just use the docker name if you want Quote Link to comment
steve1977 Posted December 2, 2017 Share Posted December 2, 2017 I am running 6.4.0rc14. I would also love to assign a dedicated IP to one of the dockers? Possible and if so, how? Quote Link to comment
DZMM Posted December 2, 2017 Share Posted December 2, 2017 4 hours ago, steve1977 said: I am running 6.4.0rc14. I would also love to assign a dedicated IP to one of the dockers? Possible and if so, how? Click on 'Network Type' in the docker settings (may need advanced view) and then enter an IP address in the new field that appears below. Very simple. If you have a VLAN capable switch, you can also create VLANs in Settings/Network settings and then choose different VLANs e.g. I have deluge going down my VPN VLAN and nzbget not, as usenet is encrypted so I'm not wasting CPU cycles pushing it down the VPN Quote Link to comment
steve1977 Posted December 2, 2017 Share Posted December 2, 2017 thanks. i run a router vpn, so everything runs over vpn unless i exclude the ip. let me describe what i want to do: * sanzbd docker (want to exclude from vpn, but maybe remote access as web server) * nextcloud docker (need to forward port 80/443 to get this running) * in the future i may want to add deluge docker i have a reasonably modern asus router. is it possible to achieve? Quote Link to comment
DZMM Posted December 2, 2017 Share Posted December 2, 2017 If your router can decide to route via ip address then yes. For your remotely access needs look into the letsencrypt docker Quote Link to comment
steve1977 Posted December 2, 2017 Share Posted December 2, 2017 i’d still need to set each docker to a different IP? otherwise, i couldn’t have nextcloud listening to 80? Quote Link to comment
DZMM Posted December 2, 2017 Share Posted December 2, 2017 Yes. I'd use letsencrypt for remote access, rather than opening ports for nextcloud Quote Link to comment
steve1977 Posted December 2, 2017 Share Posted December 2, 2017 true true. to be precise, letsencrypt is the one listening on port 80/443. so, i need to open the ports for letsencrypt. for different reasons, i prefer not to run letsencrypt on 81/444. with unraid beta, i can now set it to 80/443 and give it its own IP. Quote Link to comment
steve1977 Posted December 3, 2017 Share Posted December 3, 2017 Two related questions: 1) Can I have two dockers share the same IP (a different one from unraid)? 2) Can I stop Unraid from listening on 80/443 and instead have Unraid listen on different ports? Quote Link to comment
DZMM Posted December 3, 2017 Share Posted December 3, 2017 (edited) 1. No and things would get messy if you did 2. Yes, go to settings/identification to change unraid ports. However, there's no need as unraid would listen on say 192.168.1.100:443 and le on whatever IP you assign e.g 192.168.1.101:443 Edited December 3, 2017 by DZMM Correction Quote Link to comment
steve1977 Posted December 3, 2017 Share Posted December 3, 2017 thanks. helpful as always. i followed some other advice on this forum to change the “go” file to change the unreif port. somehow didn’t do it right though. upon restart, i can no longer access the unraid gui. i can still ssh into it though. any thought what i bricked? Quote Link to comment
DZMM Posted December 3, 2017 Share Posted December 3, 2017 Sorry, no idea - never touched the go file. Quote Link to comment
steve1977 Posted December 3, 2017 Share Posted December 3, 2017 i changed it with nano and then changed it back. is there some command to “restart” the gui? actually, i followed the advice in the official unraid wiki. outdated? Quote Link to comment
steve1977 Posted December 3, 2017 Share Posted December 3, 2017 Got it working. Not sure what I have done differently, but now it works. Thanks! Quote Link to comment
bonienl Posted December 3, 2017 Share Posted December 3, 2017 5 hours ago, steve1977 said: i changed it with nano and then changed it back. is there some command to “restart” the gui? actually, i followed the advice in the official unraid wiki. outdated? With unRAID 6.4 port settings are no longer set in the go file, but under Settings -> Identification. Also unRAID 6.4 supports macvlan, which allows to assign different IP addresses to docker containers from the GUI. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.