I have some problems to understand how I can run multiple containers, each in a different vlan. I hope someone here can guide me to the right direction by the following example.
I’m running latest Truenas Scale in a network with VLAN’s. I’m not using truecharts, but just pulled in container images from docker hub and configuring them.
Truenas is in my server VLAN (#24). It has one network cable to a switch, which is enp0s20f0. In network interfaces I have created VLAN #23 which has enp0s20f0 as it’s parent and the vlan tag 23. I’m using Opnsense as well, which also have these vlan’s and does dns and dhcp.
On the switch, the port is untagged 24 and tagged 23.
In Apps => Settings => Advanced Settings, I have:
Node IP: 0.0.0.0
Route v4 interface: enp0s20f0
Route v4 Gateway: 192.168.24.1 (this in the ip-range of vlan 24)
Now the first container works. I want it to run in vlan 24 so in its configuration I have:
host interface: enp0s20f0
ip address: static
static ip: 192.168.24.24
I have to give it a static here, as the mac address will continuously change when the container is restarted so I can’t make it a reservation in opnsense dhcp server.
Now the problem is with the second container, which I want to run in VLAN 23. I can do:
host interface: vlan23
ipam type: use static
static ip: 192.168.23.10/0
Now it will start and assign itself this ip. It is also able to connect to the outside world, but the service it provides is not available to my network. (opnsense currently allows all vlan’s to connect to everything - as I’m still building up the network)
I guess I have to do something with a bridge, but can’t get it to work.
Any advise or links to examples are greatly appreciated!
It looks like you’re using the third octet in your addresses to match the vlan number. So:
192.168.23.0/24 is vlan 23
192.168.24.0/24 is vlan 24
etc.
Using /0 and /1 for your subnet masks won’t work (unless you’re doing some very non-standard subnetting!). You need to learn the basics of IPv4 networking before you start getting into vlans, tbh.
Briefly, though, a /24 network mask means the first 24 bits (or three octets) of the IP address are the network portion and the final 8 bits (or fourth octet) represent the host address. Using the private address range of 192.168.0.0/16 with a /24 network mask means you can have up to 256 networks (192.168.0.0/24 to 192.168.255.0/24) with up to 254 hosts in each network (assuming 256 addresses with one address each reserved for broadcast address and gateway).
That said, if you want to pass multiple vlans to your TrueNAS host and present them to different containers, the “one network cable to a switch” you mention will need to be a trunk port (configured on the switch) carrying all the vlans you require. Confgure this at the switch, then configure multiple virtual interfaces on the TrueNAS tagging their traffic for the required vlans.
Once you have the vlans available on the TrueNAS host you can start figuring out how to put the containers on them. This is definitely possible with kubernetes, but I’m not sure it’s exposed in the TrueNAS webui
Hi @pmh and @WiteWulf, thanks a lot for pointing this out! I’ll read these basics again, it is sometimes just too easy to try something and check if it works, but as you also noticed: that’s not the best way to do it
The switch port now has vlan 24 untagged and vlan 21 and 23 (which I want to use in containers too) tagged (as a trunk). I would like to have vlan 24 as tagged as well, but in that case I need to configure truenas to tag its packets with this vlan id. E.g. the webinterface, my smb shares, probably some other things. How an I make truenas do this? I only see some options in the webui and smb to bind to a specific ip, not to tag traffic with a vlan id? Or is the only solution to use two network cables? (which I could, as I have one unused port on the switch and 3 on the nas)
You create the VLAN as a new interface with tag 24 and the proper parent interface, then remove the IP address from the physical interface and place it on the VLAN.
now I have also been able to create a separate interface on the management vlan and use that for the web ui. And same for the samba shares to my internal (trusted) network.
