EMC

Virtual network bridge doesn't work with some docker containers


Hello everyone,

 

I have a not too common Unraid (6.6.7) server setup. I have a pfSense firewall running as a virtual machine with a dedicated PCIe NIC passed through to it. That serves as my router. I have been using this setup for months now without any problems, but there is something wrong in my setup, and that is that my host Unraid server is connected to the virtual firewall via an external switch, so basically I have a cable coming out of my NIC (which is assigned to pfSense), going into an external switch, and then going back to my motherboard's ethernet port.

This config was fine for me, but I am planning to upgrade to a 10 GB network between my PC and my server and I don't want 2 cables coming out of the server running to my PC, so I want to pass the 10 GB NIC to PfS as well. The problem is that if I want to have a connection to my server via the 10 GB link the same way, I would have to buy 2 NICs (1 with 2 ports) for my server, assign the 2 port one to PfS, keep the 1 port one for Unraid, and basically have them plugged into each other. That config would be more than stupid, so I came up with a solution.

I set up a virtual bridge between my PfS vm and the host. I disconnected the ethernet cable from the server and set up a route to my PfS firewall using the virbr0 interface, so my routing table looks like this:

[Image: routing table]

Most of the stuff works fine: I can access the web UI from any machine on the network, can transfer files, and my Unraid server can access the internet with no problem as well. (I ran an iperf test between my PfS VM and the server and I was getting speeds around 6-7 GB/s, so it would be enough for 10 GBe.)

There is a problem, however, with this config, and that is that docker does not recognize virbr0 (my virtual bridge) as an interface, and this causes 2 main problems:

- As docker does not know what the machine's IP address is, when I try to access a container's web UI it gives me a blank page. My port mappings look like this:

[Image: port mapping]

(I have a reverse proxy set up with letsencrypt, so most of my containers are in a custom docker network; their custom IP shows up, but the host IP is blank, only the port is shown.)

I can get around this issue by just typing my server's IP address in the browser manually and defining the container's port. I can access the containers that way, and the containers can also access each other that way.

- My other problem is a bit more serious: as docker does not recognize the virtual network bridge, containers can't directly see it either:

[Image: ovpn client server network config]

The pic above is my ovpn client server's network config, and it can be seen that I can only select the container's own loopback interface and the custom docker network for the server to listen on.

This issue also affects delugevpn (and any other container that has to know the machine's IP, mostly VPNs).

So my question is:

Is there a way to make docker detect the virtual bridge as a network interface, or to force it to use a preset IP for the containers?
