[SOLVED] Cannot access dockers using custom:br0

[deanosim]

So I'm having this problem, Unraid can't ping any of the docker containers that are getting an IP from the router on br0, and stopping the docker engine applying, disabling Host access to custom networks and applying, then re-enabling Host access to custom networks applying and then starting the docker engine. But it still doesn't work unraid just gets Destination host Unreachable. this also doesn't seem like a very good solution because it would just break any time you need to reboot the host.
Has no one found a real solution?

[Ockingshay]

@itimpi Can this thread's title be changed from "solved"?

 

I too just had this issue, @bonienl is this something that you have been able to look at/replicate/fix?

 

i am using the 6.10rc1 

Edited October 30, 2021 by Ockingshay

[ken-ji]

Please do realize that the thread is "solved" since its by docker design.

Docker will not allow the host to talk to containers that are bridged using macvlan (default)

I think 6.10rc1 allows ipvlan - which might work, so you should see if it solves the issue.

As for the issue with Docker host access shim failing, well, it should be discussed on a different thread as this one was just asking about access to containers on br0

 

[andreidelait]

I have two Unraid instances. One is at home and I use a few docker containers over br0 with IP Addresses from my local network (pi-hole, unifi-controller etc). And also one that I manage remotely for a friend. 

Both have the same settings as far as I can tell and both are on v6.9.2, but on his I cannot use any container on br0 what so ever.

The interesting part is that I have Host access to custom networks: Disabled and it still works.

On the other one I've tried Enabled or Disabled with no success.

Edited December 2, 2021 by andreidelait

[neuer_unraider]

On 10/30/2021 at 4:13 PM, ken-ji said:

Please do realize that the thread is "solved" since its by docker design.

How is this "solved" if it works when I enable this feature manually after startup?

It only doesn't work after a reboot when this option was enabled already because for whatever reason.

 

It's a feature implemented by Limetech for a reason and it works only in half of the cases.

 

How can this be submitted as a bug?

 

Running 9.10rc2

Edited February 21, 2022 by neuer_unraider
Added version

[ken-ji]

22 minutes ago, neuer_unraider said:

How is this "solved" if it works when I enable this feature manually after startup?

It only doesn't work after a reboot when this option was enabled already because for whatever reason.

 

It's a feature implemented by Limetech for a reason and it works only in half of the cases.

 

How can this be submitted as a bug?

 

Running 9.10rc2

I think when the thread was marked solved, we didn't have the host access setting yet. hence my comment.

I think the issue with the host access failing is due to a race condition that fails on certain cases (containers starting up before networking is ready?) @bonienl would have a better idea.

 

I do think enabling ipvlan on the latest versions would solve the issue with access over the same network interface. As for bug reports, just file one with the server diagnostics in both cases - working during startup and not to compare with.

 

[gacpac]

Oh wow,

Didn't know people were having issues with this. I'm sorry, but in fact if you want to let your dockers access host networks you should go to your dockers settings and check the option "allow access to host networks"



Sent from my Pixel 6 Pro using Tapatalk

[vakilando]

I'm also still randomly encountering this problem. This issue doesn't seem to be finally solved...

I have "Allow access to host networks" checked/active.

My Home Assistant Docker (host network) sometimes looses connection to some other docker containers on different vlans (e.g. ispyagentdvr on custom br0.6 network, motioneye on custom br0.5 network, frigate on custom br1.15 network).

Stopping and starting the docker service always solves this issue. A reboot of unraid sometimes solves this issue, sometimes it's raising this issue. I have two NICs and four VLANs.

[vakilando]

ok, just reopened this bug report with some more information:

 

...and I found this bug report concerning unraid 6.10-RC3:

 

Does somebody know if it occurrs in the latest 6.10 RC? 

[ramiro]

Had this bug on the released 6.10 today , very annoying especialy if you don't know about it and are looking everywhere why its not working.

[leawhig]

This question was solved?
But I checked "allow access to host networks" enable

It's still can't ping unraid to docker：

192.168.10.11      unraid

192.168.10.15     docker (br0)

 

"allow access to host networks" No use at all

 

Edited June 18, 2022 by wdnaser

[Healzangels]

Seem to be running into this issue? I enable the feature, needed to restart my system after confirming working and now back up and running and can't ping my containers. Anyone able to find a method of preventing this sans restarting the Docker service? Thanks!

[CptLoRes]

Same issue. Docker running Caddy (reverse proxy) on a custom network does not work after Unraid reboot, unless I stop and start the entire Docker service.

[sillstrybarn]

Just ran into this. Running 6.11.5.
But it took me like 2 hours before I found this thread and tested it.
Was checking all docker logs to find out what was wrong.
Then I saw that the problem was NPM could not route to dockers on br0. And after hours of googling, i found this thread. Thanks!

But would be nice to get this fixed.

I thought i broke something last night when I was fixing nextcloud php problem.

[sillstrybarn]

Same thing happened now after reboot. Cannot access dockers on br0 from NPM on my custom docker network. 

[Jclendineng]

just ran into this issue myself and posted a bug report

[Ricky Andrea]

Recently I cannot access my docker container that use network other than host network after every boot or the docker container restart after appdata backup process. After some digging I found out that the problem is ip forwarding being disabled, and i have to type "sysctl net.ipv4.conf.all.forwarding=1" everytime after reboot or after appdata backup process. This is so frustating. Does anyone have solution for this to make the ip forwarding permanent and not revert after every boot?
 

[pants]

On 3/22/2023 at 4:51 PM, Jclendineng said:

just ran into this issue myself and posted a bug report

In case others would like to add comments to the bug so that it gets more attention and is more likely to be fixed, I think the main report for the problem can be found here:

In the meantime, it looks like there is a patch that can be applied via a user script which I've copied below. It is described in more detail in this blog post and is discussed on reddit here (the original idea for the scripted fix seems to have come from this comment on another post in the Unraid forums): 

#!/bin/bash
ip link | grep 'shim-br0' &> /dev/null
if [ $? != 0 ]; then
   echo "No shim br0 found, creating it!"
   ip link add shim-br0 link br0 type macvlan mode bridge
   ip link set shim-br0 up
   ip route add 192.168.1.0/25 dev shim-br0 
   ip route add 192.168.1.128/25 dev shim-br0
else
   echo "shim-br0 network was found!"
fi

Note that you may need to change the IP range to match the subnet of your home network if you are using something other than 192.168.1.0/24

 

Edited April 12, 2023 by pants

[Gazeley]

Yeah this is an annoying one. Couldn't figure out why some of my Home Assistant integrations stopped working for quite a while until I found this thread. I had even double checked that Docker setting to make sure it was still enabled, and it was, so I had ruled this out completely.

 

Hope this is something can be fixed in an update soon

[TRusselo]

OMG..
THIS THREAD, he narrowed it down and has a quick-fix workaround.
 

 

tldr;
So after an unsafe shutdown, Docker setting "allow host to custom networks" might SAY enabled but isnt.

Disable docker, Enable docker..
everything works as it should again.

 

Just worked for me.
My home assistant on HOST, can once again see Pi-Hole & diyhue on br0.
guac can be accessed from outside network without hard codding the address in swag

Edited May 28, 2023 by TRusselo

[MisteR86NL]

tldr;
So after an unsafe shutdown, Docker setting "allow host to custom networks" might SAY enabled but isnt.

Disable docker, Enable docker..
everything works as it should again.

 

THANKS! I was wondering why, after an reboot of Unraid, my Wireguard wasn't working anymore.. took met 2 hours before ending up here in this topic. Reviewed Wireguard settings, firewall settings, docker settings, EVERYTHING. FML

[Skylord123]

Yeah unclean shutdown breaks this setting. I set this setting yesterday and everything was working until server crashed in the middle of the night and it stopped.

 

Just like others I had to disable docker and re-enable it. This is definitely a bug. Should not break from unclean shutdowns.

[aViN187]

so i read everythink and the related posts. 

 

i simply can't get it work, even with docker restart, enable host access and vice versa. 

 

"sysctl net.ipv4.conf.all.forwarding=1" does not solve it as asll. Even though the the IP adress from the custom bridge does look good. I'm not a linux expert, is there anything i can do to double check or try? I'm actually lost and don't know what to do anymore. I'm only able to run my dockers on br0 or on host, but not on my VLAN (30) br0.30.

 

Thanks for any kind of advice. I'm happy to provide more information, just let me know.

 

Maybe this helps as a start (br0.30 is my problem child)

Edited October 10, 2023 by aViN187

[ImSkully]

Stumbled into this just now and it was in fact due to the "Allow host to Custom Networks" docker setting being disabled after an unclean shutdown, even though it displays as being enabled.