Jump to content
repomanz

(solved) help with external dockers / vlan

6 posts in this topic Last Reply

Recommended Posts

Hi folks - 

I'm new to vlans / managed switches and learning unraid so bare with me.  :)

 

Is there a version of this guide that deals with vlans with using multiple network cards?  

 

I have a 4 port intel nic so currently unraid sees eth0 - eth4.   Here is what I'm wanting to do (or something similar)

 

1) leverage eth4 physical network 

2) create a vlan off the eth4 interface

3) put external facing dockers on the vlan

 

I've tried various combinations of things on the router, managed switch and unraid.  So far the best i have gotten is eth4 was successful in getting a dhcp IP address defined for the vlan.  However doing so I can no longer reach unraid.  

Admittedly; I'm likely doing some things wrong here either within unraid or my managed switch.  Any coaching or guides would be helpful so i can accomplish my goal here.  Thanks in advance!

 

 

 

 

 

 

 

 

Edited by repomanz

Share this post


Link to post

First thing to remember is that isolation can be achieved with either a separate physical interface (eth) or a separate logical interface (vlan).

 

When you take eth4 out of the bonding group, it becomes available as a separate interface which can be configured under Network settings.

To make this an isolated interface only used for Docker, do the following:

1) Do NOT assign an IP address to eth4 (under network settings, choose "none")

2) Stop the docker service and under Docker settings assign the desired network and gateway and DHCP pool to eth4

 

After this start the docker service and each container can use eth4 as custom network, see container settings.

 

Is this what you want?

 

Ps. When you assign a new network to eth4, it must also be known on your router.

Edited by bonienl

Share this post


Link to post

Hi Bonienl - thanks for responding!

What about this? 

 

- remove eth4 vlan settings within unraid

- bridge eth4 nic

- assign port on managed switch eth4 is connected to to vlan 5

- create vlan 5 interface on router

Would I be able to put dockers on the bridged eth4 NIC as it's operating within the vlan 5 network?

Share this post


Link to post

- Yes, you can remove the VLAN from eth4 in Unraid.

- Yes, configure eth4 as bridge. Do not assign IP address to the interface, instead make network assignment under Docker settings for 'br4'

- Yes, configure the port on the switch to VLAN 5 (untagged)

- Yes, create VLAN 5 on the interface to the router. Make sure the interface is set for 'tagged' frames (=vlan5 needs to be added to the frame)

 

The above creates an isolated connection between your router and Unraid

Edited by bonienl

Share this post


Link to post

Hi Bonienl - with your help I believe we have success. :) 

I now have

- internal docker containers running on the trusted lan

- external docker containers running on eth4 / vlan 5

 

Confirmed routing on router also working lan to vlan, vlan to lan and vlan to inet.

 

Really appreciate you walking me through this.

Share this post


Link to post

Wanted to close this thread out / show my configuration in case someone runs across it

 

switch configuration,

- port 5 connected to eth4 on unraid nic

- port 1 connected to pfsense

 

image.png.d27da269d652c6009336acc82cf6eccc.png

 

image.png.3835e4819d9d36d34d00abc2b7460af7.png

 

eth4 NIC configuration on Unraid OS

image.thumb.png.5d06a4669184c09a5b0e0e2f6f24e660.png

 

docker configuration within Unraid OS

image.thumb.png.cfd325660d48c9ca281cac4c6d78fc7e.png

 

pfsense vlan interface

image.thumb.png.4a428ab8c701feb70022d0b142365ed4.png

 

image.thumb.png.d6d381398e39d33c3138bbab41865820.png

 

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.