After changing the Network to use a bridge (to connect a VM to my docker containers) some traffic gets blocked. Afterreversing the changes issues still persist

Christian · August 6, 2025, 7:30pm

Hello, I am Running HomeAssistant as a VM on Truenas 25.04.02 with Music Assistant as a Container on it. To make it possible for HomeAssistant to talk to my Apps ive configured a bridge Network. That all worked mostly without issues except that Music assistant couldnt connect to Librespot for streaming anymore (i.e some Traffic gets blocked by the Bridge). Changing back to NAT didnt fix that issue. Is there a way to check if some settings have changed in the firewall or something? Connecting to the Spotify API still works so it doesnt block traffic alltogether.

If you need anymore info ill do my best to provide it and thanks in advance

Edit:

I also ran a Docker Container version of Music assistant which also started encountering the same issue after the bridge configuration i.e. no music streaming from spotify.

swc-phil · August 6, 2025, 7:56pm

Hi.

How exactly do you check connection? What do your URLs look like?

Christian · August 6, 2025, 8:03pm

I am a little confused what you mean. The HomeAssistant VM has ist own ip adress. The Music Assistant instance works via internal portforwarding in the VM

swc-phil · August 6, 2025, 8:11pm

And then

I assume that Librespot is a container/app (that is running on TrueNAS itself, not in a VM). How are you trying to connect to it?

Christian · August 6, 2025, 8:16pm

Oh, now i understand and i think i didnt explain correctly: Librespot is a python module which tries to connect to spotify. Its acting as a spotify connect device and connecting encrypted via https. The problem is that its not responding i.e. the connection to spotify doesnt work

It should be some kind of Firewall setting or something that changed bc of the bridge configuration

swc-phil · August 6, 2025, 8:40pm

Ok. I assume that Librespot is inside the VM. Am I correct?

Print the outputs of the ip a command on TrueNAS and on the VM.

Christian · August 6, 2025, 8:51pm

Put them into text files to declutter the Feed

VMIP.txt (3.2 KB)
TruenasIP.txt (1.9 KB)

swc-phil · August 6, 2025, 9:03pm

And ip r, please. Or ip r | grep ^def.

Christian · August 6, 2025, 9:10pm

TrueNasIPR.txt (655 Bytes)
VMIPR.txt (261 Bytes)

swc-phil · August 6, 2025, 9:17pm

Is your VM using incusbr0? Do you want that host (truenas) and VM to be using the same NIC?

Christian · August 6, 2025, 9:25pm

I want the Host and the VM to use the same NIC, yes.

incusbr0 seems to exist, but im running the VM via libvrt

Its currently using macvtap1

swc-phil · August 6, 2025, 9:34pm

Okay. Your setup has multiple issues:

Using 100.*.*.* as private addresses. While it can work, the actual public resources with such IPs can be unavailable. You should change them to the correct ones.
NIC itself don’t have to has an IP address. It should be just a part of the bridge. Bridge itself must have the IP. This IP would be an address of TrueNAS.

Christian · August 6, 2025, 9:38pm

About the 100. Thats generally because i am in quite a big network that i dont administrate. So sadly cant change that.

I can Reconfigure a bridge that has the IP, but that broke things in the first place

swc-phil · August 6, 2025, 9:39pm

Is your NIC a member of this bridge?

My understandings of the bridges described in this post:

Christian · August 6, 2025, 9:41pm

When i configured the bridge, yes, it was. ATM this bridge doesnt exist as i deleted it.

swc-phil · August 6, 2025, 9:44pm

Well, if these are actually private addresses, then this setup is asking for trouble. If these are actually public addresses, then… your company is wealthy enough to troubleshoot your network setup .

Christian · August 6, 2025, 9:45pm

Those are Private Adresses

But im quite sure the issue is in the internal Network setup of Truenas as the issue only came up when i configured an internal bridge

swc-phil · August 6, 2025, 10:05pm

Just to sum up. IMO, you should:

Create (or use an existing) brigde.
Set the IP to this bridge. This would be the IP of TrueNAS.
Add NIC as a bridge member.
Remove IP from this NIC.
Now you can check connectivity for your truenas.
Specify this bridge as the VM’s NIC.
Set the IP inside the VM.
Set the default gateway on both truenas and VM.
If IPs from the same subnet were used, then truenas and VM can “talk” to each other. If not – you better know what you were doing.
Both truenas and VM should have inet access.

Christian · August 6, 2025, 10:13pm

1-4. The bridge exists and Truenas and the VM can talk to each other.
5-6 I aslo did when first setting up the bridge (did that again now)
7. The IP of the VM is inside the same Adress-Range as the Bridge
8. They use the same default gateway
9. They can talk to each other
10. both have and always hat inet access

The issue is not the bridge itself, its that it seems to break Music Assistant by blocking certain traffic

If the bridge is configured it can stream music from my Jellyfin Instance, but it cant stream from Spotify

swc-phil · August 6, 2025, 10:25pm

Well, if some Spotify servers have 100.*.*.* IPs… But it’s probably not the case.

If your other connections are good, why do you think that the issue is within the bridge’s network settings?