Synology Docker network how to bridge Docker container to local network with macvlan network

-

Docker network how to bridge Docker container to a local network with macvlan network

MacVlan network, this will allow the containers to get a dedicated IP on the local network. This will solve:

  • no port clashes with Synology NAS as all ports will run only on dedicated IP.
  • Client IP's visible as we are part of the real network.
  • The container has its own IP we can reach -> almost like a VM but still a container
Few items you need for this.
  • You need to install Docker from the Package Center.
  • You need to enable "Open vSwitch"
  • You need to know the ovs switch name of your network interface.
  • You need to know the gateway IP.
  • You need to know the network class.
  • You need assig IP or block for the container.
  • you need assig the name for the new macvlan network interface.


1. Enable Open vSwitch

Under Control panel > Network > Network interface > Select LAN interface then click Manage, check Enable Open vSwitch then click OK.

2. Find ovs switch name, gateway, and network classes.  

Login SSH as root, and identify the ovs switch name use the following command.

ip route |grep default

ash-4.3# ip route |grep default

default via 192.168.1.1 dev ovs_eth0  src 192.168.1.100

In my caseovs_eth0 is switch name that I will use. the gateway IP is 192.168.1.1 and the network class 192.168.1.0/24.  I want to reserve IP 192.168.1.17-30 for my Docker containers.

https://www.calculator.net/ip-subnet-calculator.html?cclass=c&csubnet=28&cip=192.168.1.16&ctype=ipv4&printit=0&x=73&y=26
192.168.1.16/28 

3. Create macvlan interface
In my case the command looks like this, to create the Bridge2LAN network interface and available IPs 192.168.17-30

docker network create --driver=macvlan --gateway=192.168.1.1 --subnet=192.168.1.0/24 --ip-range=192.168.1.16/28 -o parent=ovs_eth0 Bridge2LAN

Next time when you create a new container just select the Bridge2LAN network and you will receive a local IP.

Exp.
Your network segment 192.168.1.X and your firewall 192.168.1.1 the parent interface is ovs_eth0. 
You want to create the new macvlan interface name Bridge2LAN and Docker containers can use IP from 192.168.1.2 - 254

 
docker network create --driver=macvlan --gateway=192.168.1.1 --subnet=192.168.1.0/24 --ip-range=192.168.1.1/24 -o parent=ovs_eth0 Bridge2LAN




Comments

  1. KHOI, Luong ThienDecember 15, 2021 at 7:14 PM

    I tried to create the Bridge2LAN network as your instruction, but unsucessfull. Here are the details.
    [1] My physical network ID: 192.168.0.0/24
    [2] My gateway: 192.168.0.1/24
    [3] My DHCP Server: 192.168.0.1/24
    [4] My DHCP Pool: 192.168.0.2 - 192.168.0.30
    [5] The network class I would like to use for Bridge2LAN: 192.168.0.32/28
    [6] The command I used to create Bridge2LAN:
    docker network create --driver=macvlan --gateway=192.168.0.1 --subnet=192.168.0.0/24 --ip-range=192.168.0.32/28 -o parent=ovs_eth0 Bridge2LAN

    And here are what I saw after joinning a container to Bridge2LAN network
    [7] The container assigned IP 192.168.0.32 (instead of 192.168.0.33/34/...)
    [8] The container did NOT have/show Published Ports
    [9] I can PING the IP 192.168.0.32 from my PC and others.

    Please help me to solve the issue [7] and [8].
    Thanks.

    ReplyDelete
    Replies
    1. EricDecember 16, 2021 at 9:43 AM

      Hi,

      Please use the commansd below to check the docker network

      List docker network
      "docker network ls"

      Show docker network interface detail
      "docker network inspect --verbose Bridge2LAN"
      my docker network shows in below

      docker network ls

      NETWORK ID NAME DRIVER SCOPE
      24eb8666246d Bridge2LAN macvlan local
      fbdec3848019 bridge bridge local
      eeb3a6907253 host host local
      dead22bb57a2 none null local


      docker network inspect --verbose Bridge2LAN

      [
      {
      "Name": "Bridge2LAN",
      "Id": "24eb8666246d9697a18203c8bb00d31de0cdd8cd41ce9b852eaa51d50c6785a7",
      "Created": "2021-03-26T10:27:24.4314729-05:00",
      "Scope": "local",
      "Driver": "macvlan",
      "EnableIPv6": false,
      "IPAM": {
      "Driver": "default",
      "Options": {},
      "Config": [
      {
      "Subnet": "192.168.1.0/24",
      "Gateway": "192.168.1.1"
      }
      ]
      },
      "Internal": false,
      "Attachable": false,
      "Ingress": false,
      "ConfigFrom": {
      "Network": ""
      },
      "ConfigOnly": false,
      "Containers": {},
      "Options": {
      "parent": "ovs_eth0"
      },
      "Labels": {}
      }
      ]


      Delete

Post a Comment

Popular posts from this blog

Extracting and using a modified VMWare Player BIOS or UEFI firmware

-
https://pete.akeo.ie/2011/06/extracting-and-using-modified-vmware.html Extracting and using a modified VMWare Player BIOS or UEFI firmware (updated 2016.05.17 for VMWare UEFI firmware extraction) One day or another, you may want to play with BIOS/UEFI firmware modification. But before jumping into physical motherboard flash alteration, where the consequences of a mishap can be difficult to salvage, experimenting with the BIOS/UEFI in a virtual environment sounds like a sound first step. You have of course the opportunity to do so using  bochs , however the ubiquitous nature and ease of use of the (freely available)  VMware Player  can turn the latter in a much better candidate for the job if you don't really care about the extra features that bochs brings in. This post details how one can extract the BIOS/UEFI firmwares used by the VMWare Player, and how to setup the player to use a modified one. Download and install VMware Player. The current version of VMwar...
Read more

Activate Synology Active Backup for Business for DSM 6

-
 Activate Synology Active Backup for Business with Xpenology DSM  https://gist.github.com/igresc/91e468f3d2ad5f2f7407262ba6f0dd56 Install the package and run the URL below on the browser . Active Backup for Business 1. Replace the IP, username, and password  http:// 192.168.0.1 :5000/webapi/auth.cgi?api=SYNO.API.Auth&method=Login&version=1&account= admin &passwd= password {"success":true} 2. Replace IP and Serial http:// 192.168.0.1 :5000/webapi/entry.cgi?api=SYNO.ActiveBackup.Activation&method=set&version=1&activated=true&serial_number= 1780PDN123456 {"data":{"activated":true},"success":true} Active Backup for G Suite 1. Replace IP http:// 192.168.0.1 :5000/webapi/entry.cgi?api=SYNO.ActiveBackupGSuite&method=get_activation&version=1 {"data":{"activated":false,"serial_number":"1780PDN123456"},"success":true} 2. Replace IP and Serial 1. Replace IP http:// 19...
Read more

Windows 11 internet/account bypass

-
Image
https://github.com/the-P1neapple/WinJS-Microsoft-Account-Bypass WinJS-Microsoft-Account-Bypass Overview This guide explains a method to bypass the Microsoft Account (MSA) requirement during the Windows 11 Out-Of-Box Experience (OOBE) by using the Developer Console to invoke a hidden local account setup screen. This method was discovered by examining the Windows 11 OOBE source code, which revealed an event listener for a hidden  _localAccountButton . Note A faster method has since been discovered using Command Prompt ( Source ), this repo was made 7 months prior to that discovery. The method I have documented is still the only known method for S-Mode installations. Following these steps, you can create a local account without needing to sign in with or create a Microsoft account. I also have a  Youtube Tutorial  that follows the same instructions below Steps to Bypass Microsoft Account Setup 1. Start Windows 11 Setup Begin the Windows 11 Setup Process. Select your region a...
Read more