binarymelon Posted April 23, 2020 (edited) I'm having a weird (to me at least) issue where I'm getting two devices registered with the same IP on my router (Unifi USG 3) after creating a container using the br0 network to assign it an IP on my LAN. After creating the container I have two devices with my server IP and 1 device with the docker IP. 1 of the duplicate IP devices corresponds with the br0 device on the server and the other with a shim-br0 device. Is there any way I can resolve this? My ESET security software is getting duplicate IP and ARP cache poisoning attack warnings as a result. data-raven-diagnostics-20200423-1553.zip Edited April 23, 2020 by binarymelon
bonienl Posted April 23, 2020 Under docker settings you need to set a DHCP pool for br0 which does not clash with your router's DHCP range.
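A quick way to verify the advice above before saving the Docker settings, as an added example that is not part of the thread or of Unraid: a POSIX sh check that the pool you give Docker's br0 network cannot overlap the router's DHCP range. The router range is written as "start-end" and the Docker pool in CIDR form, as the Unraid "DHCP pool" field takes it; all addresses are made-up sample values, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the thread: check that the IPv4 pool intended for
# Docker's br0 (macvlan) network cannot hand out an address that the router's
# DHCP server may also hand out. All addresses below are constructed samples.

# Dotted-quad -> integer (plain POSIX sh, no external tools).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# "first last" integer bounds of a CIDR block such as 192.168.1.192/26.
cidr_bounds() {
    base=$(ip2int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( base / size * size ))      # align to the block boundary
    echo "$first $(( first + size - 1 ))"
}

# "first last" integer bounds of a router-style range such as
# 192.168.1.100-192.168.1.199.
range_bounds() {
    echo "$(ip2int "${1%-*}") $(ip2int "${1#*-}")"
}

# Exit status 0 when the two pools share at least one address, 1 when disjoint.
#   $1: router DHCP range "start-end"
#   $2: Docker pool in CIDR form (what Unraid's "DHCP pool" field for br0 takes)
docker_pool_clashes() {
    set -- $(range_bounds "$1") $(cidr_bounds "$2")
    # $1/$2 = router first/last, $3/$4 = docker first/last
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Demo with constructed values: a router handing out .100-.199 while the Docker
# pool is set to .192/26, which overlaps on .192-.199.
if docker_pool_clashes 192.168.1.100-192.168.1.199 192.168.1.192/26; then
    echo "CLASH: both DHCP servers can assign addresses in 192.168.1.192-192.168.1.199"
else
    echo "ok: pools are disjoint"
fi
```

With a router range that stops at .191 the same call returns 1 (disjoint); that is the condition the Unraid setting needs to satisfy.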
binarymelon Posted April 24, 2020 @bonienl Still seem to have the same issue.
bonienl Posted April 24, 2020 Can you post new diagnostics?
binarymelon Posted April 24, 2020 Sure. data-raven-diagnostics-20200424-0923.zip
bonienl Posted April 24, 2020 Under Docker settings, you have enabled "Host access to custom networks". This setting allows the host (Unraid) to talk directly with docker containers on a custom (macvlan) network, which is normally prohibited by Docker.

To get around this restriction a network trick is done and we let the host Unraid participate in two networks simultaneously, which are actually one and the same network. E.g. there are the br0 and shim-br0 networks, and Unraid participates in both with the same host IP address. The shim-br0 network is used for direct container access and fools Docker into thinking it is a different network and granting access. Apparently, your security software is seeing this as duplicates.

The most simple way to solve the issue is to disable the "host access" setting. You will lose direct host-to-container access, but is it really required? Otherwise you'll need to check your security software and let it understand these are different networks.
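Two checks that make the explanation above visible, as an added example that is not code from the thread or from Unraid. The first runs on the Unraid host and lists IPv4 addresses configured on more than one interface, which with "Host access to custom networks" enabled shows the host IP on both br0 and shim-br0. The second runs on any LAN client and flags an IP that is answered in ARP replies by more than one MAC address, which is the pattern duplicate-IP and ARP-spoofing alerts in endpoint security software typically key on. Both functions read the tool output on stdin; the sample `ip -4 -o addr` and `tcpdump -n arp` lines, the interface names and MACs are constructed for the demo, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the thread: make the br0 / shim-br0 duplicate visible.

# 1. On the Unraid host. Input on stdin: the output of `ip -4 -o addr show`,
#    one address per line, e.g.
#    "5: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0\ ..."
#    Prints "IP iface1,iface2,..." for every IP configured on more than one interface.
shared_ipv4_addrs() {
    awk '
        {
            iface = $2                      # $1 is "5:", $2 the interface name
            split($4, a, "/"); ip = a[1]    # $4 is "addr/prefix"
            if (!(ip in ifaces)) order[++n] = ip
            ifaces[ip] = ifaces[ip] (ifaces[ip] == "" ? "" : ",") iface
            count[ip]++
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = order[i]
                if (count[ip] > 1) print ip " " ifaces[ip]
            }
        }'
}

# 2. On a LAN client. Input on stdin: lines from `tcpdump -n arp`, e.g.
#    "10:15:01.000002 ARP, Reply 192.168.1.10 is-at 02:42:ac:11:00:02, length 28"
#    Prints "IP mac1,mac2,..." for every IP that more than one MAC claims.
duplicate_arp_macs() {
    awk '$2 == "ARP," && $3 == "Reply" && $5 == "is-at" {
            ip = $4; mac = $6; sub(/,$/, "", mac)   # drop the trailing comma
            if ((ip, mac) in seen) next             # same answer repeated
            seen[ip, mac] = 1
            if (!(ip in macs)) order[++n] = ip
            macs[ip] = macs[ip] (macs[ip] == "" ? "" : ",") mac
            count[ip]++
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = order[i]
                if (count[ip] > 1) print ip " " macs[ip]
            }
        }'
}

# Constructed sample data standing in for the real tool output.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
5: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0\       valid_lft forever preferred_lft forever
7: shim-br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global shim-br0\       valid_lft forever preferred_lft forever
8: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever'

SAMPLE_ARP='10:15:01.000001 ARP, Request who-has 192.168.1.10 tell 192.168.1.50, length 28
10:15:01.000002 ARP, Reply 192.168.1.10 is-at 02:42:ac:11:00:02, length 28
10:15:01.000003 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:55, length 28
10:15:01.000004 ARP, Reply 192.168.1.10 is-at 02:42:ac:11:00:02, length 28
10:15:02.000001 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:ff, length 28'

echo "host: IPs on more than one interface"
printf '%s\n' "$SAMPLE_ADDRS" | shared_ipv4_addrs
echo "client: IPs answered by more than one MAC"
printf '%s\n' "$SAMPLE_ARP" | duplicate_arp_macs
```

On a real host run `ip -4 -o addr show | shared_ipv4_addrs`; after disabling "host access" the shim-br0 line disappears and the host IP is reported once. On a client, `tcpdump -n -l arp | duplicate_arp_macs` needs to see actual replies, so let it run while devices refresh their ARP caches.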
binarymelon Posted April 24, 2020 The container I'm running with the br0 network is a dns server (pi hole). Will disabling 'host access' prevent the host from seeing the container on the lan, or just direct?
bonienl Posted April 24, 2020 Pi-hole will keep on working perfectly alright for all the devices on your LAN, you don't need direct Unraid access for that. It is also recommended to set "regular" DNS server(s) for Unraid itself. Pi-hole will interfere with the operation of Unraid and can cause unexpected behavior.
binarymelon Posted April 24, 2020 Ok, it seems to be working as expected now. I have another issue that's tangentially related. I'm also trying to set up a container (nginx) that has both br0 and bridge networks. It looks like there used to be a workaround that allowed this, that has since been "fixed". I'd like to be able to create custom dns entries in pi-hole that point to nginx that proxy to other containers on the bridge network. Here's an old thread with someone who was looking for a similar solution.