Duplicate server IP with docker br0 network



I'm having a weird (to me at least) issue where I'm getting two devices registered with the same IP on my router (Unifi USG 3) after creating a container using the br0 network to assign it an IP on my LAN.

After creating the container I have two devices with my server IP and 1 device with the docker IP. 1 of the duplicate IP devices corresponds with the br0 device on the server and the other with a shim-br0 device. Is there any way I can resolve this? My ESET security software is getting duplicate IPs and ARP cache poisoning attack warnings as a result.

data-raven-diagnostics-20200423-1553.zip

Edited by binarymelon

Under Docker settings, you have enabled "Host access to custom networks".

This setting allows the host (Unraid) to talk directly with Docker containers on a custom (macvlan) network, which is normally prohibited by Docker.

To get around this restriction a network trick is done and we let the host Unraid participate in two networks simultaneously, which are actually one and the same network.

E.g. there are the br0 and shim-br0 networks, and Unraid participates in both with the same host IP address. The shim-br0 network is used for direct container access and fools Docker into thinking it is a different network and granting access.

Apparently, your security software is seeing this as duplicates.

The simplest way to solve the issue is to disable the "host access" setting. You will lose direct host-to-container access, but is it really required?

Otherwise you'll need to check your security software and let it understand these are different networks.

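An added example, not part of the thread and not Unraid's or ESET's own tooling: a triage check for the duplicate-IP alert discussed above, which compares the MAC addresses the LAN saw claiming the server IP against the host's own interfaces, so a br0/shim-br0 pair can be told apart from a MAC that does not belong to the server. It assumes the host's iproute2 supports `ip -j addr show` (JSON output); the function names, addresses and MACs are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `ip -j addr show` output, trimmed to the
# fields used below. All addresses and MACs are made up for illustration.
SAMPLE_IP_JSON = json.dumps([
    {"ifname": "lo", "address": "00:00:00:00:00:00",
     "addr_info": [{"family": "inet", "local": "127.0.0.1"}]},
    {"ifname": "br0", "address": "02:00:00:aa:00:01",
     "addr_info": [{"family": "inet", "local": "192.168.1.10"}]},
    {"ifname": "shim-br0", "address": "02:00:00:aa:00:02",
     "addr_info": [{"family": "inet", "local": "192.168.1.10"}]},
])


def local_claims(ip_json):
    """Map each local IPv4 address to {mac: interface name} for this host."""
    claims = defaultdict(dict)
    for iface in json.loads(ip_json):
        mac = iface.get("address", "").lower()
        for info in iface.get("addr_info", []):
            if info.get("family") == "inet" and mac:
                claims[info["local"]][mac] = iface["ifname"]
    return dict(claims)


def triage(ip, observed_macs, claims):
    """Classify a duplicate-IP alert from the MACs the LAN saw claiming `ip`."""
    owned = claims.get(ip, {})
    macs = {m.lower() for m in observed_macs}
    foreign = sorted(macs - set(owned))
    if foreign:
        # At least one claimant is not an interface of this host.
        return "investigate", foreign
    if len(macs) > 1:
        # Every claimant is one of the host's own interfaces (e.g. the shim).
        return "local-interfaces", sorted(owned[m] for m in macs)
    return "no-duplicate", []


if __name__ == "__main__":
    claims = local_claims(SAMPLE_IP_JSON)
    alert = ["02:00:00:AA:00:01", "02:00:00:aa:00:02"]  # constructed alert
    print(triage("192.168.1.10", alert, claims))
```

On a real host, feed `local_claims` the output of `ip -j addr show` and pass `triage` the MAC list from the router's client table or the security software's alert.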

Pi-hole will keep on working perfectly alright for all the devices on your LAN, you don't need direct Unraid access for that.

It is also recommended to set "regular" DNS server(s) for Unraid itself.

Pi-hole will interfere with the operation of Unraid and can cause unexpected behavior.


Ok, it seems to be working as expected now. I have another issue that's tangentially related. I'm also trying to set up a container (nginx) that has both br0 and bridge networks. It looks like there used to be a workaround that allowed this, that has since been "fixed". I'd like to be able to create custom DNS entries in Pi-hole that point to nginx that proxy to other containers on the bridge network. Here's an old thread with someone who was looking for a similar solution.
