2 NICs - 1 for unraid / 1 for docker image?!?


Gremmi

Hello again,

Since I'm trying to install mailcow on unraid (without an additional VM), I'm facing the next problem, and hopefully you can give me a hint on how to solve it ;)

What I'm trying:

* I have two NICs installed (see picture)

* One NIC should be used for the "internal" network. Unraid should be available only on this NIC

* Second NIC should be used for mailcow and is connected to the VLAN of my internet DMZ. The second NIC should only be available for mailcow running on docker

I changed my NIC settings, but the moment I change eth1 and save the settings, unraid is not available via network (ssh, web-gui). I found a video (thank you Spaceinvader) where I found the information "unraid is grabbing all network interfaces". He excluded the interface and used it for the VM he created.

Now my questions :):

* Do I have to do it the same way?

* Since I don't have a VM, where can I configure eth1 since unraid is not handling it anymore?

Thank you for your help .. and sorry for the bad picture ;)

unraid-mailcow.jpg

unraid-nics.jpg

Link to comment

If you have VLAN support on your switch, you can set it up like this

[image]

This will create subinterfaces eth0.x/br0.x (leaving bridging on is up to you as well as joining eth1). Then you configure the docker network on br0.x

[image]

I just happen to have my nics split off and keep all my dockers on br1 (I set it up before the host access option for docker was there - haven't tested it if it'll work as like.)

So my docker containers (like my nginx reverse proxy)

[image]

Link to comment

You need to configure the network of the docker container to the correct one - br0.14 in your case.

Also the docker network needs the correct gateway defined, otherwise docker will not be able to use it. - it's 10.10.14.1 in your case.

You also might not want to set an IP address and gateway for the VLAN in the Unraid network settings, so that Unraid will not be present on that VLAN. (or confuse you as Unraid tries to figure out which interface it's supposed to use to go out to the internet.)

Link to comment

I also found that you had to remove the IP address assignment in your VLAN settings

[image]

[image]

This was the only way it would show up in the drop down box when adding new apps and selecting the interface!

39 minutes ago, ken-ji said:

so that Unraid will not be present on that VLAN.

Leaving out the IP assignment, Unraid webui has still assigned itself a DHCP address. I can see this in my unifi software. And it's a random IP inside my DHCP pool as well. Somewhere in the middle!!!

Link to comment

I will point out that this is my preferred setup that Unraid NAS + WebUI is only available on the main Network.

If necessary, assigning an IP (statically or via DHCP) on the VLANs is also ok, but most users seem to get confused when the Unraid networking doesn't seem to work properly - and this is usually because the default route to reach the internet is going via a different VLAN/network interface than expected.

I also use custom docker networks - since I need proper IPv6 support - though my Mikrotik router doesn't want to support DHCPv6, just SLAAC, and my ISP is doing fully dynamic /56 prefix allocation - which is a pain for Docker networks on IPv6

7 minutes ago, bdydrp said:

This was the only way it would show up in the drop down box when adding new apps and selecting the interface!

As long as the docker network is completely defined (subnet address and gateway) it will be available - your screenshots before did not have gateways assigned.

9 minutes ago, bdydrp said:

Leaving out the IP assignment, Unraid webui has still assigned itself a DHCP address. I can see this in my unifi software. And it's a random IP inside my DHCP pool as well. Somewhere in the middle!!!

I'll bet it's because after configuring unraid not to get IP addresses for the VLANs, the lease is still considered live by your DHCP server. It should not be renewed after the typical 1-day lease lifetime. Somewhere in the middle may be typical depending on the DHCP server used. Some would do a hash of client MAC address and DUID to pick a suitable number in the leasing range. This means this host will likely get the same IP over and over (unless there are conflicts). Others just pick the next free and assign that.

Link to comment
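An added example, not part of the thread and not Unraid or Docker code: a POSIX shell check for the two points ken-ji makes above, that the host should hold no IPv4 address on the DMZ VLAN bridge (a leftover DHCP lease counts) and that the Docker network's gateway must lie inside its subnet. The function names, the /24 prefix and the sample `ip -o -4 addr show` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output (not captured from a real host).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
10: br0    inet 10.10.10.120/24 brd 10.10.10.255 scope global br0\       valid_lft forever preferred_lft forever'

# Print every IPv4 address held on interface $1; reads `ip -o -4 addr show` on stdin.
host_addrs_on() {
  awk -v ifc="$1" '$2 == ifc && $3 == "inet" { print $4 }'
}

# Convert a dotted-quad address to an integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR $2 (for example 10.10.14.0/24).
in_subnet() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# audit_dmz IFACE SUBNET GATEWAY, with `ip -o -4 addr show` output on stdin.
# Prints one line per finding and returns 0 only when there are none.
audit_dmz() {
  ifc=$1; subnet=$2; gw=$3; rc=0
  leaked=$(host_addrs_on "$ifc")
  if [ -n "$leaked" ]; then
    echo "FAIL: host has $leaked on $ifc (host services reachable from the DMZ)"
    rc=1
  fi
  if ! in_subnet "$gw" "$subnet"; then
    echo "FAIL: gateway $gw is outside $subnet"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $ifc carries no host address; gateway $gw is in $subnet"
  return "$rc"
}

# On a live host: ip -o -4 addr show | audit_dmz br0.14 10.10.14.0/24 10.10.14.1
```

Running it again once the DHCP lease time has passed shows whether the host has really dropped its address on the VLAN.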

Thank you guys .. I switched the IP4-assignment now to "NONE" and was able to set up the network manually in docker-settings. Now it's also possible to type in a gateway.

Earlier I changed for testing the NGINX docker image to port 1480 and 1443 and it came up on the wrong ip (10.10.10.120). Now after the changes it uses 10.10.14.120 (perfect) but it fails on both ports:

Quote

tcp 10.10.14.120:1480: bind: cannot assign requested address

I can use every port I want to but it fails always. Something I forgot?

Link to comment
15 hours ago, ken-ji said:

I'll bet it's because after configuring unraid not to get IP addresses for the VLANs, the lease is still considered live by your DHCP server. It should not be renewed after the typical 1-day lease lifetime. Somewhere in the middle may be typical depending on the DHCP server used. Some would do a hash of client MAC address and DUID to pick a suitable number in the leasing range. This means this host will likely get the same IP over and over (unless there are conflicts). Others just pick the next free and assign that.

Must have been still live.

I've just checked unifi ui, and can no longer see unraid with a DHCP IP!!!!

Link to comment
  • 3 years later...

Hello, 

I am also attempting to configure this setup in the same instance. 

  • I have 2x gateways, with 2x NICs
  • NIC 1 = production LAN on a 10. address 
  • NIC 2 = second gateway on a 192 address

I would like the 10. address to talk to the docker on the 192. address so all traffic internally doesn't leave the LAN.

Currently I can get to the 192. docker only over the WAN from the 10. network.

My switch does support VLANs. I am not sure how to get this configuration operational so the docker on the 192. network can talk directly to the 10. network (2 different gateways) while keeping 192. talking to the outside world on that interface.

Edited by bombz
Link to comment
