CrimsonTyphoon Posted January 21, 2018 (edited)

Maybe I am missing a silly, basic concept here but I can't figure this out! What I am looking for is for dockers on my VLAN15 to be able to communicate with my unRaid host. My understanding is that macvlan should allow this, because it is going from br0 <--> br1.

unRaid 6.4
Eth0: 192.168.7.251
Eth1: <No Assigned IP> (screenshot below)
VLAN Number: 15
Network Protocol: IPv4 Only
IPv4 address assignment: Automatic
IPv4 address: 192.168.15.2/24
IPv4 default gateway: 192.168.15.1

pfSense router (192.168.7.1)
Main network: 192.168.7.0/24
VLAN15: 192.168.15.0/24 Interface eth1

If I set up a docker on the VLAN15 network (i.e. 192.168.15.11) it cannot communicate with other dockers on unRaid as host (192.168.7.251). I have it enabled in pfSense (I want it so anything in VLAN15 goes out through my PIA VPN):

VLAN15_DOCKERS
LAN NET

For example, if I assign hydra2 to br1.15 with an IP address of 192.168.15.11, it can access the internet through PIA and see my network EXCEPT my unRaid host (192.168.7.251). It also cannot see unRaid on my VLAN network (192.168.15.2).

Help?

EDIT: I switched the network from br1.15 to br0. As expected, the container cannot see the host (192.168.7.66 cannot access unRaid at 192.168.7.251). This is the expected behavior of the macvlan driver.

Edited January 21, 2018 by CrimsonTyphoon (More Info)

joelones Posted January 22, 2018

I had to add a static route as such to get br1.10 to speak to br0 (in my case):

    route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.7.1

I'm also using pfSense and I've attached my rules for VLAN10:

CrimsonTyphoon (Author) Posted January 22, 2018 (edited)

51 minutes ago, joelones said:

    I had to add a static route as such to get br1.10 to speak to br0 (in my case):
    route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.7.1

BINGO it works! It half works. See post below.

Now I just need to tighten up security on the pfSense side and add this to run at docker launch.

Thanks again :-)

Edited January 22, 2018 by CrimsonTyphoon (Jumped the gun)

CrimsonTyphoon (Author) Posted January 22, 2018 (edited)

59 minutes ago, joelones said:

    I had to add a static route as such to get br1.10 to speak to br0 (in my case):
    route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.7.1
    I'm also using pfSense and I've attached my rules for VLAN10:

Alright, I think I jumped the gun a little bit... 192.168.15.11 can see 192.168.77.51, but won't connect to any dockers. I'll explain:

192.168.15.11 (nzbhydra) can connect to 192.168.7.251:32816 (unRaid/sabnzbd), but not the other way (192.168.7.251:32816 cannot ping/traceroute/etc. 192.168.15.11)

192.168.7.251:32817 (unRaid/sonarr) cannot connect to 192.168.15.11 (hydra)

    # sonarr container
    root@bae1e7c4af8e:/# traceroute 192.168.15.11
     1  172.17.0.1 (172.17.0.1)  0.074 ms  0.013 ms  0.010 ms
     2  192.168.7.1 (192.168.7.1)  0.319 ms  0.293 ms  0.276 ms
     3  * * *
     4  * * *
    ^C

I see it's going over the docker interface (172.17.0.1), which is not what I want. I presume I need another static route, so I tried this:

    route add -net 192.168.7.0 netmask 255.255.255.0 gw 192.168.15.1

Needless to say it didn't work :-(.

Edited January 22, 2018 by CrimsonTyphoon (Added traceroute)

joelones Posted January 22, 2018 (edited)

Yeah, sounds like my case as well, where it seems to work in one direction. So what I did was put sonarr, hydra, deluge and sab on the VLAN and kept kodi-headless on the unRaid host IP. Not sure what your docker setup is like, but in my case I only needed kodi-headless to speak to the unRaid SMB shares and sonarr to send the DB updates to it. Seems to work OK, but I'm not too comfortable with the one-way connection thing. I haven't fully tested this setup as well...

Another thing that's weird with my setup is that I cannot select br0 as a network type for a docker, not sure what happened...

EDIT: seems like I had to delete the docker image and have it recreate br0 again.

Edited January 22, 2018 by joelones