General Discussion / Really silly question - routing
« on: August 24, 2023, 12:03:00 pm »
I think I’m having one of those weeks where nothing works right!
I am playing around with Docker at the moment to see if there is a viable reason to put Plex/Emby into isolated containers. Currently experimenting with networking.
I configured a macvlan network and managed to get it almost working (didn’t enable promiscuous mode on firewall) and I’ve been playing with IPVlan v3 networking now. No matter what I do, I can’t get internet traffic routing back to the subnet and it’s driving me nuts - I’m sure it’s something simple but I can’t figure it out…I’m hoping someone can help me feel silly!
I have a route set up on the firewall to push any traffic for the Docker subnet to the host Ubuntu VM (VM is set as a gateway). I have also added a LAN rule on the firewall to allow all traffic from the Docker subnet to the internet from the LAN interface. I can see in the logs that traffic is being allowed since I added this rule, and I can ping the firewall and all other devices on the LAN from the container in the v3 ipvlan network. But if I ping a web address (Google for example), it resolves the name, I see the traffic being allowed in the FW logs… but I get no response back. From the Ubuntu host it works fine.
Am I missing something obvious here?