network setup with VM and docker containers

MeisterBob

Cadet
Joined
Jan 15, 2022
Messages
1
Hello,

I managed to set up my network so the apps and my homeassistant VM can be accessed by the LAN/WAN. To achieve this I disabled DHCP and removed the IP settings from the network interface (enp0s31f6) and created a bridge (br0) with DHCP enabled.

But now docker containers I run on the TrueNAS host can't access the network anymore:
Code:
meisterbob@truenas:~$ docker run --rm alpine ping google.de
ping: bad address 'google.de'
meisterbob@truenas:~$ docker run --rm alpine ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever


What can I do to give network access to the container? Using --network host isn't a good option, because that causes conflicts with ports already in use by other apps.
 

ian351c

Patron
Joined
Oct 20, 2011
Messages
219
Here's what works for me (see attached screenshot).
Screen Shot 2022-03-16 at 7.56.33 PM.png
 

melonion

Dabbler
Joined
Jan 9, 2023
Messages
40
Two questions here:
- br1 and br2 do not seem to be bridges of any port, as a port can only be bridged to one member, and they are grey there
- can you access an app service from within a VM with this configuration?
 

ian351c

Patron
Joined
Oct 20, 2011
Messages
219
Hey there @meldalinn

This thread is about a year and a half old, and much development has taken place on TrueNAS SCALE since then. I went back to using TrueNAS CORE about a year ago as I needed something stable more than I needed the hyperconverged features (docker and KVM). I'm not even sure it still works this way. All this is a long way of saying: you may want to start a new thread and document it as a new issue.

But to address your questions:
- I don't really remember exactly how I set this up, but I believe that br1 and br2 are bridges of enp8s0. Bridge br1 is on a different Layer 3 network (i.e. it has a different IP network associated with it, so even though it is "bridged" at Layer 2, it doesn't talk to any other network directly). Interface br2 is set up the same way as br1. I assign my VMs IP addresses from the same network as enp1s0f0, which allows the VMs to talk to the rest of my physical network as well as the "Node IP" that is used as the address for all the Apps running on SCALE.
- Yes, my setup allowed me to access a SCALE App from a VM (see above).
 