Launch Docker Image with external NIC (how to disable eth0 default?)

Intel (Explorer; joined Sep 30, 2014; 51 messages)
I'm trying to spin up a container that has a single network interface (the bridge interface I added on the configuration panel).

What I am seeing is that my container has two networks, but the TrueNAS Core UI doesn't show 2 networks. Just the 1 'External interface' I added... there should be a button somewhere to disable the default docker network, no? but I digress.

Does anyone have any guidance on how I can reconfigure my container, which currently is spinning up with a default 'eth0' virtual NIC in addition to the 'net0' which I added manually? I only want 'net0' to exist, so all my internet connections go thru it. I haven't found a way to blacklist eth0 traffic to avoid leaking towards the internet.

Intel (Explorer; joined Sep 30, 2014; 51 messages)
After some more searching on this forum I see mention of kubernetes 'networkPolicies' - is this the place where I can block this pod/app from being able to reach the internet thru the kubernetes NIC?

As I said, I am successful at having the pod/app have 2 virtual NICs (one Kubernetes-native 172.16.0.0/16 and my TrueNAS br666 VLAN NIC). I basically want to blackhole the Kubernetes NIC on this pod/app so all internet connectivity uses the other NIC. It doesn't seem there is an easy, straightforward way to set up this 'killswitch' or 'whitelist only network traffic' for the default 172.16.0.0 NIC.
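For the NetworkPolicy question above, here is an added example (not something posted in the thread, and not a TrueNAS-provided manifest) of a default-deny egress policy that applies to the pod's cluster (CNI) interface, which is the eth0 the poster wants to blackhole. It assumes the app's pod lives in a namespace named ix-netshoot and carries the label app.kubernetes.io/name: netshoot; both the namespace and label are assumptions and must be replaced with whatever `kubectl get pods -A --show-labels` reports for the actual app. It also assumes the cluster's CNI enforces NetworkPolicy (k3s ships a network policy controller unless it was started with --disable-network-policy) and that the namespace carries the automatic kubernetes.io/metadata.name label (Kubernetes 1.22 and later).

```yaml
# Added example, not from the original thread or from TrueNAS.
# Assumptions (replace to match the real app):
#   - namespace: ix-netshoot
#   - pod label: app.kubernetes.io/name: netshoot
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-egress-cluster-nic
  namespace: ix-netshoot
spec:
  # Only pods matching this selector are affected.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: netshoot
  # Declaring Egress with a restrictive rule list means every egress
  # flow on the CNI interface that is not listed below is dropped.
  policyTypes:
    - Egress
  egress:
    # Keep cluster DNS reachable; delete this whole rule (leaving
    # "egress: []") for a strict deny-all on the cluster NIC.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Two caveats worth knowing before relying on this as a killswitch. First, NetworkPolicy is enforced by the cluster CNI on the pod's CNI-managed interface; a secondary interface attached through the "External interface" option is outside its scope, so traffic over net0 is untouched, which is the intended split here. Second, the DNS allowance above still lets the pod send queries to cluster DNS, which forwards upstream via the host; if that counts as a leak for the use case, drop the rule so the egress list is empty and point the container at a resolver reachable only over net0. After applying with `kubectl apply -f`, `kubectl describe networkpolicy -n ix-netshoot` confirms the selector matched the pod.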

morganL (Captain Morgan; Administrator, Moderator, iXsystems; joined Mar 10, 2018; 2,694 messages)
Many apps have a separate administration interface and a service interface.... does this App not have that?
I'd suggest describing the App.. maybe there's some community experience that might be useful.

Intel (Explorer; joined Sep 30, 2014; 51 messages)
Many apps have a separate administration interface and a service interface.... does this App not have that?
I'd suggest describing the App.. maybe there's some community experience that might be useful.

So I launched a custom 'docker' instance app - a Linux image that has network tools so I could learn how the networking stack of apps works. It's this one: https://hub.docker.com/r/nicolaka/netshoot

I also tried the 'qbittorrent' official app - I wanted the app to use TrueNAS Core interface br666 (bridge of 'vlan666@eth0' of the truenas host) but the official app doesn't offer any advanced networking options... the "Launch Docker Container" does give it to me.

The only feature missing from the "Launch Docker Container" menu is that there is no toggle to disable the container default NIC that it creates when it launches a container for me... but funny enough it launches the container with any number of custom network interfaces I want :P

morganL (Captain Morgan; Administrator, Moderator, iXsystems; joined Mar 10, 2018; 2,694 messages)
So I launched a custom 'docker' instance app - a Linux image that has network tools so I could learn how the networking stack of apps works. It's this one: https://hub.docker.com/r/nicolaka/netshoot

I also tried the 'qbittorrent' official app - I wanted the app to use TrueNAS Core interface br666 (bridge of 'vlan666@eth0' of the truenas host) but the official app doesn't offer any advanced networking options... the "Launch Docker Container" does give it to me.

The only feature missing from the "Launch Docker Container" menu is that there is no toggle to disable the container default NIC that it creates when it launches a container for me... but funny enough it launches the container with any number of custom network interfaces I want :P
It is assumed the default interface is used for administration of the docker app... add extra network interfaces for any services needed.

TempleHasFallen (Dabbler; joined Jan 27, 2022; 34 messages)
I'm also seeing that all outgoing traffic from apps is going through the SCALE IP and not the external interface one, which is extensively bad for classifying network traffic if having many clients...
Any update on your ticket @Intel? It's private, therefore I can't view it.

Intel (Explorer; joined Sep 30, 2014; 51 messages)
I'm also seeing that all outgoing traffic from apps is going through the SCALE IP and not the external interface one, which is extensively bad for classifying network traffic if having many clients...
Any update on your ticket @Intel? It's private, therefore I can't view it.
iX hasn't triaged the bug yet. Someone did comment shortly after you posted this, asking for the ticket to be marked public.