Virtual network bridge doesn't work with some docker containers


EMC


Hello everyone,


I have a not too common unraid (6.6.7) server setup. I have a pfSense firewall running as a virtual machine with a dedicated PCIe NIC passed through to it. That serves as my router. I have been using this setup for months now without any problems, but there is something wrong in my setup, and that is that my host unraid server is connected to the virtual firewall via an external switch, so basically I have a cable coming out of my NIC (which is assigned to pfSense), going into an external switch, and then going back to my motherboard's ethernet port.

This config was fine for me, but I am planning to upgrade to a 10 GB network between my PC and my server and I don't want 2 cables coming out of the server running to my PC, so I want to pass the 10 GB NIC to PfS as well. The problem is that if I want to have a connection to my server via the 10 GB link the same way, I would have to buy 2 NICs (1 with 2 ports) for my server, assign the 2 port one to PfS, keep the 1 port one for unraid, and basically have them plugged into each other. That config would be more than stupid, so I came up with a solution.

I set up a virtual bridge between my PfS vm and the host. I disconnected the ethernet cable from the server and set up a route to my PfS firewall using the virbr0 interface, so my routing table looks like this:

[Screenshot: routing table]

Most of the stuff works fine: I can access the web UI from any machine on the network, can transfer files, and my unraid server can access the internet with no problem as well. (I ran an iperf test between my PfS VM and the server and I was getting speeds around 6-7 GB/s, so it would be enough for 10 GBe.)

There is a problem, however, with this config, and that is that docker does not recognize virbr0 (my virtual bridge) as an interface, and this causes 2 main problems:

- As docker does not know what the machine's IP address is, when I try to access a container's web UI it gives me a blank page. My port mappings look like this:

[Screenshot: port mapping]

(I have a reverse proxy set up with letsencrypt, so most of my containers are in a custom docker network, their custom ip shows up, but the host ip is blank, only the port is shown)

I can get around this issue by just typing my server's IP address in the browser manually and defining the container's port. I can access the containers that way, and the containers can also access each other that way.

- My other problem is a bit more serious: as docker does not recognize the virtual network bridge, containers can't directly see it either:

[Screenshot: ovpn network config]

The pic above is my ovpn client server's network config, and it can be seen that I can only select the container's own loopback interface and the custom docker network for the server to listen on.

This issue also affects delugevpn (and any other container that has to know the machine's IP, mostly VPNs).

So my question is:

Is there a way to make docker detect the virtual bridge as a network interface, or to force it to use a preset IP for the containers?
