(solved) help with external dockers / vlan


Hi folks - 

I'm new to vlans / managed switches and learning unraid so bear with me.  :)

 

Is there a version of this guide that deals with vlans using multiple network cards?

 

I have a 4 port intel nic so currently unraid sees eth0 - eth4.   Here is what I'm wanting to do (or something similar)

 

1) leverage eth4 physical network 

2) create a vlan off the eth4 interface

3) put external facing dockers on the vlan

 

I've tried various combinations of things on the router, managed switch and unraid.  So far the best I have gotten is eth4 was successful in getting a dhcp IP address defined for the vlan.  However, doing so I can no longer reach unraid.

Admittedly, I'm likely doing some things wrong here either within unraid or my managed switch.  Any coaching or guides would be helpful so I can accomplish my goal here.  Thanks in advance!

Edited by repomanz
Link to comment

First thing to remember is that isolation can be achieved with either a separate physical interface (eth) or a separate logical interface (vlan).

 

When you take eth4 out of the bonding group, it becomes available as a separate interface which can be configured under Network settings.

To make this an isolated interface only used for Docker, do the following:

1) Do NOT assign an IP address to eth4 (under network settings, choose "none")

2) Stop the docker service and under Docker settings assign the desired network and gateway and DHCP pool to eth4

 

After this start the docker service and each container can use eth4 as custom network, see container settings.

 

Is this what you want?

 

Ps. When you assign a new network to eth4, it must also be known on your router.

Edited by bonienl
Link to comment

Hi Bonienl - thanks for responding!

What about this? 

 

- remove eth4 vlan settings within unraid

- bridge eth4 nic

- assign port on managed switch eth4 is connected to to vlan 5

- create vlan 5 interface on router

Would I be able to put dockers on the bridged eth4 NIC as it's operating within the vlan 5 network?

Link to comment

- Yes, you can remove the VLAN from eth4 in Unraid.

- Yes, configure eth4 as bridge. Do not assign an IP address to the interface; instead make the network assignment under Docker settings for 'br4'

- Yes, configure the port on the switch to VLAN 5 (untagged)

- Yes, create VLAN 5 on the interface to the router. Make sure the interface is set for 'tagged' frames (=vlan5 needs to be added to the frame)

 

The above creates an isolated connection between your router and Unraid

Edited by bonienl
Link to comment
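A host-side check for the setup described in the two replies above, as an added example that is not part of the original posts. It parses `ip -j addr show` output and reports any routable host address on the Docker-only bridge or inside the Docker subnet; the sample JSON, the `br0` management bridge and the 192.168.5.0/24 subnet are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `ip -j addr show` output, trimmed to the fields used here.
SAMPLE_IP_JSON = """
[
 {"ifname": "br0", "addr_info": [
   {"family": "inet", "local": "192.168.1.10", "prefixlen": 24, "scope": "global"}]},
 {"ifname": "eth4", "master": "br4", "addr_info": []},
 {"ifname": "br4", "addr_info": [
   {"family": "inet6", "local": "fe80::1", "prefixlen": 64, "scope": "link"}]}
]
"""


def audit_isolated_bridge(ip_json, bridge, docker_subnet):
    """Return a list of findings; an empty list means the host side is isolated."""
    subnet = ipaddress.ip_network(docker_subnet)
    findings = []
    for iface in json.loads(ip_json):
        name = iface["ifname"]
        # The bridge itself and any NIC enslaved to it must stay address-free.
        on_bridge = name == bridge or iface.get("master") == bridge
        for addr in iface.get("addr_info", []):
            if addr.get("scope") == "link":
                continue  # link-local addresses are not routable
            ip = ipaddress.ip_address(addr["local"])
            if on_bridge:
                findings.append(
                    f"{name}: host address {ip} on the Docker-only interface")
            elif ip.version == subnet.version and ip in subnet:
                findings.append(
                    f"{name}: host address {ip} lies inside {subnet}")
    return findings


if __name__ == "__main__":
    # Assumed values: bridge name from the thread, subnet constructed.
    problems = audit_isolated_bridge(SAMPLE_IP_JSON, "br4", "192.168.5.0/24")
    print("isolated" if not problems else "\n".join(problems))
```

With no host address on `br4`, hosts on VLAN 5 can reach Unraid itself only through the router, where firewall rules apply.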

Hi Bonienl - with your help I believe we have success. :) 

I now have

- internal docker containers running on the trusted lan

- external docker containers running on eth4 / vlan 5

 

Confirmed routing on router also working lan to vlan, vlan to lan and vlan to inet.

 

Really appreciate you walking me through this.

Link to comment

Wanted to close this thread out / show my configuration in case someone runs across it

 

switch configuration,

- port 5 connected to eth4 on unraid nic

- port 1 connected to pfsense

 

[image]

[image]

 

eth4 NIC configuration on Unraid OS

[image]

 

docker configuration within Unraid OS

[image]

 

pfsense vlan interface

[image]

[image]

 

 

Link to comment
  • 1 year later...

Hi,

 

Was also looking into this and get the dockers to a vlan assigned with physical nic eth1 on vlan 30 and no vlan on eth0

I can access them as long as I am with my computer within the IP range of the vlan.

But I don't get lan to vlan and vlan to lan to work so I can access my dockers on vlan while my computer is on the lan network.

Can you please share how you got that working with your config as you say it works.

 

On 1/11/2019 at 2:40 AM, repomanz said:

Hi Bonienl - with your help I believe we have success. :) 

I now have

- internal docker containers running on the trusted lan

- external docker containers running on eth4 / vlan 5

 

Confirmed routing on router also working lan to vlan, vlan to lan and vlan to inet.

 

Really appreciate you walking me through this.

 

Thanks in advance,

Nismanoku

Link to comment

I tried a lot of googling sessions to get inter vlan routing to work, with many rules and nat outbound.

But the hairs on my head are slowly disappearing, so help needed and appreciated.

I have multiple nics on my unraid and want eth1 assigned to a vlan30, so I can guide my plex to a dedicated nic

But I need multiple computers to be able to connect to it from lan interface.

So maybe you can share your rules in pfsense so I can get it working

 

Thanks in advance,

Nismanoku

Edited by Nismanoku
Added why
Link to comment
