Macvlan With Separate VLAN Cannot See unRaid Host



Maybe I am missing a silly, basic concept here but I can't figure this out!

 

What I am looking for is for dockers on my VLAN15 to be able to communicate with my unRaid host. My understanding is that macvlan should allow this, because it is going from br0 <--> br1.

 

  • unRaid 6.4
    • Eth0: 192.168.7.251
    • Eth1: <No Assigned IP> (screenshot below)
      • VLAN Number: 15
      • Network Protocol: IPv4 Only
      • IPv4 address assignment: Automatic
      • IPv4 address: 192.168.15.2/24
      • IPv4 default gateway: 192.168.15.1
  • pfSense router (192.168.7.1)
  • Main network: 192.168.7.0/24
  • VLAN15: 192.168.15.0/24

 

[Screenshot: Interface eth1]

 

If I set up a docker on the VLAN15 network (i.e. 192.168.15.11) it cannot communicate with other dockers on unRaid as host (192.168.7.251). I have it enabled in pfSense (I want it so anything in VLAN15 goes out through my PIA VPN):

 

[Screenshot: VLAN15_DOCKERS]

 

[Screenshot: LAN NET]

 

For example, if I assign hydra2 to br1.15 with an IP address of 192.168.15.11, it can access the internet through PIA, see my network EXCEPT my unRaid host (192.168.7.251). It also cannot see unRaid on my VLAN network (192.168.15.2).

 

Help?


 

EDIT: I switched the network from br1.15 to br0. As expected, the container cannot see the host (192.168.7.66 cannot access unRaid at 192.168.7.251). This is the expected behavior of the macvlan driver.

Edited by CrimsonTyphoon
More Info
51 minutes ago, joelones said:

I had to add a static route as such to get br1.10 to speak to br0 (in my case):

 


route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.7.1

 

 

 

BINGO it works! It half works. See post below

 

Now just need to tighten up security on the pfSense side and add this to run at docker launch.

 

Thanks again :-)

Edited by CrimsonTyphoon
Jumped the gun
59 minutes ago, joelones said:

I had to add a static route as such to get br1.10 to speak to br0 (in my case):

 


route add -net 192.168.15.0 netmask 255.255.255.0 gw 192.168.7.1

 

I'm also using pfSense and I've attached my rules for VLAN10:

 

 

 

 

Alright, I think I jumped the gun a little bit...

 

192.168.15.11 can see 192.168.77.51, but won't connect to any dockers. I'll explain:

  • 192.168.15.11 (nzbhydra)  can connect to 192.168.7.251:32816 (unRaid/sabnzbd), but not the other way (192.168.7.251:32816 cannot ping/traceroute/etc 192.168.15.11)
  • 192.168.7.251:32817 (unRaid/sonarr) cannot connect to 192.168.15.11 (hydra)

 

Quote

# sonarr container
root@bae1e7c4af8e:/# traceroute 192.168.15.11
 1  172.17.0.1 (172.17.0.1)  0.074 ms  0.013 ms  0.010 ms
 2  192.168.7.1 (192.168.7.1)  0.319 ms  0.293 ms  0.276 ms
 3  * * *
 4  * * *
^C

 

I see it's going over the docker interface (172.17.0.1), which is not what I want.

 

I presume I need another static route, so I tried this:

Quote

route add -net 192.168.7.0 netmask 255.255.255.0 gw 192.168.15.1

 

Needless to say it didn't work :-(.

Edited by CrimsonTyphoon
Added traceroute

Yeah, sounds like my case as well, where it seems to work in one direction. So what I did was put sonarr, hydra, deluge and sab on the vlan and kept kodi-headless on the unraid host IP. Not sure what your docker setup is like, but in my case I only needed kodi-headless to speak to the unraid smb shares and sonarr to send the db updates to it. Seems to work ok but I'm not too comfortable with the one-way connection thing. I haven't fully tested this setup as well...

 

Another thing that's weird with my setup is that I cannot select br0 for a network type for a docker, not sure what happened...

 

EDIT: seems like I had to delete the docker image and have it recreate br0 again..

Edited by joelones