Allow containers on br0 to communicate with the host



Hi,

I'm running containers (Docker) on all three docker networks: br0 (macvlan), host or bridge. The containers running on host or bridge docker network use port-mapping and the host's IP (10.1.1.99 for example). Those containers can 'talk' to each other and they can 'talk' to the host as expected. But the containers running on br0 (macvlan) network are isolated from the host or containers running on host or bridge networks. THIS IS NOT A BUG, BUT A SECURITY FEATURE. That said, in some cases you might want to be able to communicate between br0 and the host.

 

There are two possible solutions:

1. Using "Macvlan 802.1q Trunk Bridge Mode" where the host and br0 use different VLANs and routing is provided by an external router and your switch should support VLANs. This is the preferred method because it provides the best security controls, but setting it up correctly is not as easy.

 

2. Creating Macvlan interface on the host itself. This is quite simple. Here is an example: http://blog.oddbit.com/2018/03/12/using-docker-macvlan-networks/

I have not tested it under Unraid, but I don't see any reason why it should not work. The 'difficult' part would be to make the new Macvlan host interface and routing persistent.

 

My questions are:

1. Is it possible to create a persistent Macvlan interface for the Unraid host?

2. Are there other Unraid users interested in a 'feature' like this? (built-in, plug-in or user-script?)

 

Thank you,

SAL-e

 

PS. Currently running Unraid 6.6.7.

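Option 2 from the post above, sketched as an added example (not part of the original post and not tested on Unraid): a host-side macvlan shim created with iproute2, in the manner of the linked oddbit article. The interface name, shim address and container range are assumptions built around the 10.1.1.x example in the post, and the script only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Host-side macvlan "shim" so the host can reach containers on br0.
# All names and addresses are constructed assumptions, not values from the thread.
PARENT="${PARENT:-br0}"            # parent interface of the Docker macvlan network
SHIM="${SHIM:-macvlan-shim}"       # hypothetical name for the host-side interface
SHIM_IP="${SHIM_IP:-10.1.1.223}"   # unused address reserved for the shim; keep it
                                   # out of Docker's pool (e.g. --aux-address)
CONTAINER_RANGE="${CONTAINER_RANGE:-10.1.1.192/27}"  # range used by br0 containers
DRY_RUN="${DRY_RUN:-1}"            # 1 = print commands only, 0 = apply (needs root)

# Shape checks only, so a typo or stray shell syntax never reaches `ip`.
IP_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'
valid_ip()   { printf '%s\n' "$1" | grep -Eq "^${IP_RE}\$"; }
valid_cidr() { printf '%s\n' "$1" | grep -Eq "^${IP_RE}/([0-9]|[12][0-9]|3[0-2])\$"; }

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

shim_up() {
    valid_ip "$SHIM_IP" || { echo "bad SHIM_IP: $SHIM_IP" >&2; return 2; }
    valid_cidr "$CONTAINER_RANGE" || { echo "bad CONTAINER_RANGE" >&2; return 2; }
    # Idempotent when applying: nothing to do if the shim already exists.
    if [ "$DRY_RUN" != "1" ] && ip link show "$SHIM" >/dev/null 2>&1; then
        return 0
    fi
    run ip link add "$SHIM" link "$PARENT" type macvlan mode bridge &&
    run ip addr add "$SHIM_IP/32" dev "$SHIM" &&
    run ip link set "$SHIM" up &&
    # Route only the container range via the shim; other LAN traffic is unchanged.
    run ip route add "$CONTAINER_RANGE" dev "$SHIM"
}

# Deleting the interface also removes its address and route.
shim_down() {
    run ip link del "$SHIM"
}

case "${1:-}" in
    up)   shim_up ;;
    down) shim_down ;;
esac
```

Nothing here survives a reboot, so the script has to be re-run at startup, which is the persistence question the post raises.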
On 2/22/2020 at 7:41 AM, maciekish said:

I can confirm the new setting to allow custom networks to communicate with host fixes the issue. 

Can someone please tell me where this new setting is in Unraid 6.8.2?  I appear to be missing a step (or several) in having br0 communicate to bridge and host

7 minutes ago, Moose_Flunky said:

Can someone please tell me where this new setting is in Unraid 6.8.2?  I appear to be missing a step (or several) in having br0 communicate to bridge and host

Settings > Docker

Docker service must be stopped to make changes, Advanced View toggle (top right) must be enabled for setting to be visible.
