Hoopster Posted October 23, 2019 Share Posted October 23, 2019 (edited) 20 hours ago, adminmat said: I tried this tonight but lost WebUI access (and all access) to my Plex Container. I've been running Plex just fine. From my secure LAN (VLAN10) desktop I can't ping Plex (192.168.50.3) or Docker (192.168.50.2) but I can ping the unRAID server (192.168.10.69). This is by design with macvlan. Anything on a bridged VLAN (br0.50 in your case) is isolated from the server subnet. You cannot ping from the .10 subnet (where your unRAID server resides) to an IP address on the .50 VLAN subnet (and vice versa) because of the network isolation of macvlan. Of course, docker containers on the same VLAN/subnet can ping each other. It is possible to set up static routes to overcome this and it may be discussed/documented somewhere in this or another thread, but I personally have no experience with doing that. I just run Plex in host networking mode on the unRAID IP and appropriate ports. I run some other docker containers on my docker VLAN (br0.3) that do not need direct access to the unRAID server. Edited October 23, 2019 by Hoopster Quote Link to comment
adminmat Posted October 23, 2019 Share Posted October 23, 2019 13 hours ago, Hoopster said: This is by design with macvlan. Anything on a bridged VLAN (br0.50 in your case) is isolated from the server subnet. You cannot ping from the .10 subnet (where your unRAID server resides) to an IP address on the .50 VLAN subnet (and vice versa) because of the network isolation of macvlan. Of course, docker containers on the same VLAN/subnet can ping each other. It is possible to set up static routes to overcome this and it may be discussed/documented somewhere in this or another thread, but I personally have no experience with doing that. I just run Plex in host networking mode on the unRAID IP and appropriate ports. I run some other docker containers on my docker VLAN (br0.3) that do not need direct access to the unRAID server. So how I understand your post: in order to access the Plex server locally from your PC, both Plex and the PC would have to be in the same Subnet / VLAN. And any IoT device accessing Plex would have to be on the same Subnet / VLAN. For example. I'd have to put my Roku, PC, phone, laptop (for viewing) and Plex all on the same Subnet / VLAN. I must understand you incorrectly for this seems quite limited and a security issue. Quote Link to comment
adminmat Posted October 23, 2019 Share Posted October 23, 2019 (edited) Update!!! Got it working. I forgot to add the VLAN number to the "vid" field on the Edgerouter's switch0 for the Switch's trunk port. As soon as I added 50 the Plex WebUI lit up. 🤘 Victory! I can also confirm that I CAN ping from my PC on VLAN10 to the Plex Container on VLAN50. Edited October 23, 2019 by adminmat Quote Link to comment
Hoopster Posted October 24, 2019 Share Posted October 24, 2019 (edited) 8 hours ago, adminmat said: So how I understand your post: in order to access the Plex server locally from your PC, both Plex and the PC would have to be in the same Subnet / VLAN. And any IoT device accessing Plex would have to be on the same Subnet / VLAN. For example. I'd have to put my Roku, PC, phone, laptop (for viewing) and Plex all on the same Subnet / VLAN. I must understand you incorrectly for this seems quite limited and a security issue. No, you don't have to have everything on the same subnet. I don't have everything that accesses Plex/unRaid on the same subnet. I was just addressing your specific issue of not being able to ping or access the Plex GUI between your .50 network and your unRAID (.10) network based on your configuration. That is normal unless, on the router/switch side you do some additional configuration (as you, apparently, discovered although yours was an easy fix). My router/switches automatically route all traffic between what they call "corporate" LANs unless firewall rules are created to prevent it. In my case, I do have Plex configured in host mode and in direct communication with unRAID, but, there are other docker containers not on that subnet that can communicate with devices on the unRAID server subnet. Sorry for the confusion. I did misstate one thing in my first post. The VLAN/Host separation is a Docker restriction, not a macvlan restriction, although, at the end of the day it is just semantics and there are ways around this with router/switch configuration. Edited October 24, 2019 by Hoopster Quote Link to comment
Lilarcor Posted November 22, 2019 Share Posted November 22, 2019 (edited) I have another question about vlan config. As I have many docker containers running, and I don't want each containers has different IP address.If I add vlan10 for unraid itself and give its ip 192.168.6.10, is it possible to let container to bind/listen the bridge to 192.168.6.10. If I select the default setting(bridge, not custom:br0.10), will it work? Edited November 22, 2019 by Lilarcor Quote Link to comment
Weavus Posted January 3, 2020 Share Posted January 3, 2020 Having trouble getting br0.5 showing up in the Docker 'Network Type' dropdown. I only see br0. Network Settings Enable VLANs: Yes VLAN number: 5 Interface description: Docker VLAN Network protocol: IPV4 Only IPv4 address assignment: Static IPv4 address: 192.168.5.0 IPv4 default gateway: 192.168.5.1 Routing Table IPv4 default 192.168.1.1 via br0 1 IPv4 default 192.168.5.1 via br0.5 2 IPv4 172.17.0.0/16 docker0 1 IPv4 192.168.1.0/24 br0 1 IPv4 192.168.5.0/24 br0.5 1 IPv6 ::1 lo 256 IPv6 fd00:0:0:1::/64 br0 256 Docker Settings Docker version: 18.09.6 Docker vDisk location: /mnt/cache/docker.img Default appdata storage location: /mnt/user/appdata/ Docker LOG rotation: Enabled Preserve user defined networks: No IPv4 custom network on interface br0: Subnet: 192.168.1.0/24 Gateway: 192.168.1.1 DHCP pool: 192.168.1.128/26 (64 hosts) IPv4 custom network on interface br0.5: Subnet: 192.168.5.0/24 Gateway: 192.168.5.1 DHCP pool: 192.168.5.128/26 (64 hosts) Docker Network LS NETWORK ID NAME DRIVER SCOPE 92afbb695547 br0 macvlan local 37e5ee6e805d bridge bridge local ea7a550c1b45 host host local bd960ef7eb26 none null local Any ideas why I can't see br0.5 in Docker network ls or the dropdown? I've tried running 'rm /var/lib/docker/network/files/local-kv.db; /etc/rc.d/rc.docker restart' but that didnt help. Any ideas? Quote Link to comment
jowe Posted January 3, 2020 Share Posted January 3, 2020 (edited) 23 minutes ago, Weavus said: Having trouble getting br0.5 showing up in the Docker 'Network Type' dropdown. I only see br0. Network Settings Enable VLANs: Yes VLAN number: 5 Interface description: Docker VLAN Network protocol: IPV4 Only IPv4 address assignment: Static IPv4 address: 192.168.5.0 IPv4 default gateway: 192.168.5.1 Routing Table IPv4 default 192.168.1.1 via br0 1 IPv4 default 192.168.5.1 via br0.5 2 IPv4 172.17.0.0/16 docker0 1 IPv4 192.168.1.0/24 br0 1 IPv4 192.168.5.0/24 br0.5 1 IPv6 ::1 lo 256 IPv6 fd00:0:0:1::/64 br0 256 Docker Settings Docker version: 18.09.6 Docker vDisk location: /mnt/cache/docker.img Default appdata storage location: /mnt/user/appdata/ Docker LOG rotation: Enabled Preserve user defined networks: No IPv4 custom network on interface br0: Subnet: 192.168.1.0/24 Gateway: 192.168.1.1 DHCP pool: 192.168.1.128/26 (64 hosts) IPv4 custom network on interface br0.5: Subnet: 192.168.5.0/24 Gateway: 192.168.5.1 DHCP pool: 192.168.5.128/26 (64 hosts) Docker Network LS NETWORK ID NAME DRIVER SCOPE 92afbb695547 br0 macvlan local 37e5ee6e805d bridge bridge local ea7a550c1b45 host host local bd960ef7eb26 none null local Any ideas why I can't see br0.5 in Docker network ls or the dropdown? I've tried running 'rm /var/lib/docker/network/files/local-kv.db; /etc/rc.d/rc.docker restart' but that didnt help. Any ideas? I have set up my VLAN in network settings (without a static IP for unraid server) Then stop docker go to settings / docker, advanced view, and there you should be able to choose vlans for docker. And after that, see them in every container. Edited January 3, 2020 by jowe Quote Link to comment
Weavus Posted January 3, 2020 Share Posted January 3, 2020 (edited) 35 minutes ago, jowe said: I have set up my VLAN in network settings (without a static IP for unraid server) Then stop docker go to settings / docker, advanced view, and there you should be able to choose vlans for docker. And after that, see them in every container. I have the VLAN listed in my Docker settings as shown above and br0.5 is listed on the Docker settings page. However Docker network ls or the 'Network Type' dropdown on container templates is not showing it. Edited January 3, 2020 by Weavus Quote Link to comment
jowe Posted January 3, 2020 Share Posted January 3, 2020 (edited) 38 minutes ago, Weavus said: I have the VLAN listed in my Docker settings as shown above and br0.5 is listed on the Docker settings page. However Docker network ls or the 'Network Type' dropdown on container templates is not showing it. That's strange. I just tried to enable/disable br0, and if i mark the checkbox, and start Docker. It's instantly showing up as a choice in any container. Or disappear if i disable the checkbox. br0 is not a vlan, all other are. Edited January 3, 2020 by jowe Quote Link to comment
bonienl Posted January 5, 2020 Author Share Posted January 5, 2020 On 1/3/2020 at 3:51 PM, Weavus said: Having trouble getting br0.5 showing up in the Docker 'Network Type' dropdown. I only see br0. Can you post a screenshot of your network settings and a screenshot of your Docker settings (docker service stopped and advanced view) Quote Link to comment
Weavus Posted January 6, 2020 Share Posted January 6, 2020 14 hours ago, bonienl said: Can you post a screenshot of your network settings and a screenshot of your Docker settings (docker service stopped and advanced view) As requested. Thanks. Quote Link to comment
noski Posted March 19, 2020 Share Posted March 19, 2020 (edited) On 1/4/2020 at 2:37 AM, Weavus said: I have the VLAN listed in my Docker settings as shown above and br0.5 is listed on the Docker settings page. However Docker network ls or the 'Network Type' dropdown on container templates is not showing it. I have the same problem. Did you find a solution? Edited March 19, 2020 by noski Quote Link to comment
NKnusperer Posted March 29, 2020 Share Posted March 29, 2020 On 1/3/2020 at 4:37 PM, Weavus said: I have the VLAN listed in my Docker settings as shown above and br0.5 is listed on the Docker settings page. However Docker network ls or the 'Network Type' dropdown on container templates is not showing it. Same here Any progress? Quote Link to comment
ken-ji Posted March 29, 2020 Share Posted March 29, 2020 @noski @NKnusperer Did you add the network to the Docker settings? Make sure to have the array stopped and to toggle the Advanced view in the upper right corner. Quote Link to comment
NKnusperer Posted March 29, 2020 Share Posted March 29, 2020 (edited) 33 minutes ago, ken-ji said: @noski @NKnusperer Did you add the network to the Docker settings? Make sure to have the array stopped and to toggle the Advanced view in the upper right corner. RESOLVED ! The problem was that I entered the wrong Gateway IP in the Docker settings. This is correct: Quote Subnet: 192.168.50.0/24 Gateway: 192.168.50.1 However I used 192.168.1.1 as Gateway. Edited March 29, 2020 by NKnusperer Quote Link to comment
ssnow Posted June 6, 2020 Share Posted June 6, 2020 On 1/6/2020 at 6:31 AM, Weavus said: As requested. Thanks. I know this is old and not sure if you got it fixed, but noticed your static IP assignment for VLAN 5 is invalid. Can't use .0 for a host in a /24 subnet. Quote Link to comment
loheiman Posted June 8, 2020 Share Posted June 8, 2020 (edited) Is it possible to leave the Unraid GUI and Unifi docker container on VLAN 1 untagged and have all the other docker containers on another VLAN and have those other docker containers share the same IP address? I want to avoid having to update the IP address of each docker to docker connection with a unique IP address and would like to reduce the noise when viewing my Router's DHCP lease table (and not see a client for each docker container). Edited June 8, 2020 by loheiman Quote Link to comment
wgstarks Posted February 3, 2022 Share Posted February 3, 2022 I know this thread is very old but I haven’t found any other discussions along these topics. I have read through it and am left with a couple of questions I’m hoping someone can answer. 1. In @bonienl’s original post he mentions that it’s also possible to use spare ethernet ports on the unRAID server to accomplish this but doesn’t give any details on that procedure. I don’t have any current plans to do this but would like to know how just in case? 2. Is it possible to add dockers and VMs to the same VLAN? I have created a security camera VLAN and added my Frigate docker to it but would also like to add my Home Assistant VM to the same VLAN. Maybe 2 bridges both assigned to the same VLAN? 3. Is the number of VLAN and bridge assignments limited? I can see that it might be useful to have several different VLANs for dockers to be grouped. Quote Link to comment
Ademar Posted February 4, 2022 Share Posted February 4, 2022 23 hours ago, wgstarks said: 2. Is it possible to add dockers and VMs to the same VLAN? I have created a security camera VLAN and added my Frigate docker to it but would also like to add my Home Assistant VM to the same VLAN. Maybe 2 bridges both assigned to the same VLAN? 3. Is the number of VLAN and bridge assignments limited? I can see that it might be useful to have several different VLANs for dockers to be grouped. 2. Yeah, no reason that should be a problem. The original post is very old, I see the UI is different now, do you see how you can add them to the same? 3. The 802.1Q standard allows for 4096 VLANs, I assume the limit in unraid isn't lower than that. I don't know anything about bridge assignments, that doesn't apply to VLANs on my machine (again, five year old post). Quote Link to comment
wgstarks Posted February 4, 2022 Share Posted February 4, 2022 2 hours ago, Ademar said: 2. Yeah, no reason that should be a problem. The original post is very old, I see the UI is different now, do you see how you can add them to the same? I haven’t had a chance to give this a try. Maybe it’s possible to just assign the VM to the same bridge as the dockers are using? 2 hours ago, Ademar said: 3. The 802.1Q standard allows for 4096 VLANs, I assume the limit in unraid isn't lower than that. I don't know anything about bridge assignments, that doesn't apply to VLANs on my machine (again, five year old post). Doubt I’ll ever need more than 5 or 6. 😁 Quote Link to comment
ken-ji Posted February 6, 2022 Share Posted February 6, 2022 (edited) 1. This is possible. As long as the Spare interfaces are configured without IP addresses, network isolation on those interfaces is enforced, though on the IP level only 2. I rarely do it since my config uses br1.3 for my docker containers, and my VMs on br0.3, but nothing is preventing the VM and docker container from sharing the same bridge interface. My Docker container: My VM From the VM Edited February 6, 2022 by ken-ji 1 Quote Link to comment
wgstarks Posted February 6, 2022 Share Posted February 6, 2022 3 hours ago, ken-ji said: 2. I rarely do it since my config uses br1.3 for my docker containers, and my VMs on br0.3, but nothing is preventing the VM and docker container from sharing the same bridge interface. Thanks. I have a camera VLAN setup so that I can isolate them. Running Home Assistant in a VM that I want to add to the same VLAN just to minimize router traffic. I’ll just have to setup some special pass rules in pfsense for it since it will need internet access. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.