App unable to reach custom container

I’ve got a bunch of apps running on TrueNAS SCALE 25.04. They’re all reachable using the NAS IP on individual ports. I recently set up a custom container using a macvlan NIC, but for some reason the apps can’t reach it. I’m using a static IP in the container and the container can reach the internet just fine. I can also connect to the container from anywhere on my local LAN using the same subnet. None of the apps can reach the container, however. It would be great if all the apps could use macvlan interfaces too, but I guess that’s only on the roadmap for now. How do I work around my issue in the meantime?

The other apps probably communicate via a shared internal Docker network. If your custom app is not part of that network, it’s isolated from them and therefore can’t communicate with them.

I managed to get around this by using my router (pfSense). It’s dirty but works.

My issue was I had a container running Docker that needed access from NPM on the Apps Docker network.

The problem is that they are 2 different networks, and with the further isolation due to the container being self-contained, the normal bridge method wouldn’t work.

What I did instead was to create a NAT rule in pfSense so that when my TrueNAS/NPM IP attempted to hit my router on a certain port, it would redirect it back to the container IP.

Basically, instead of it attempting to route directly (and failing), it let the router do the routing.

I am also wondering whether, if I added static routes to my TrueNAS for the container/Docker IPs, it would have forwarded properly. Things to test when I have more time, I guess.

Woah! Talk about quick and dirty. There’s gotta be a better way. Adding macvlan to the apps, f.i.

Wouldn’t it also be possible to manually join the 2 containers to a common network?
Should be doable via CLI, or you could install Portainer and do it from the Portainer GUI.

That’s a good question. Like I said, it may be possible with static routes, but you can’t have overlapping Docker networks.

e.g. a bridge network attached to both, say 10.100.10.1 for the host and 10.100.10.2 for the container.

Add a route to 172.16.0.0/16 to go through 10.100.10.1, and vice versa for whatever networks are in the container.

It should be enough to add an extra network to both containers, for example internal_com with

docker network create internal_com

and then attach both containers you want to it with

docker network connect internal_com container_name

This should create a new internal Docker network which lets the containers joined to it communicate with each other.

I am not sure you understand.

We are talking about an LXC/VM container, not a Docker container. You can add that in the container, but the host isn’t going to see it, let alone be able to attach Docker containers to it.

Yeah, just realised that OP also meant LXC, not a Docker container… my bad. When the title says app and custom container, I was thinking about a custom Docker container, not LXC.