My docker container sits on a different subnet and VLAN to my docker host.
Docker host 192.168.5.201
Subnet mask 255.255.255.0
Default Gateway 192.168.5.1
VLAN 0
I need to place my TVheadend container on a different subnet so that the container's IP address sits on
TVheadend container 192.168.30.201
Subnet mask 255.255.255.0
Default Gateway 192.168.30.1
VLAN 300
TVHeadend works fine, and with it being on VLAN 300 with the 192.168.30.201 IP address I can use policy-based routing on my router to send traffic via a different VLAN route. I can connect to it from all hosts on my network EXCEPT the docker host itself. The problem is that I need to connect to port 9981 on the container from the host to access the API of the web interface.
When I try to ping the address (which also has a DNS name of tvh.lan) I get the following:
```
ping tvh.lan
PING tvh.lan (192.168.30.201) 56(84) bytes of data.
From tvhdocker.lan (192.168.30.130) icmp_seq=1 Destination Host Unreachable
From tvhdocker.lan (192.168.30.130) icmp_seq=2 Destination Host Unreachable
From tvhdocker.lan (192.168.30.130) icmp_seq=3 Destination Host Unreachable
```
Now I believe the issue is that the host sits on the other subnet and the docker host has no route. It tries to use its local private IP, which causes issues as the private IP addresses are not accessible.
Here is an extract of the relevant sections of my docker-compose.yml:
docker-compose.yml (extracts)
```yaml
version: '3'
services:
  tvheadend:
    image: lscr.io/linuxserver/tvheadend:latest
    container_name: tvheadend
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - RUN_OPTS=
      #- RUN_OPTS=--bindaddress 192.168.5.201 --http_port 192.168.5.201:9981 --htsp_port 192.168.5.201:9982
      #- RUN_OPTS=--http_port 9983 --htsp_port 9984
    volumes:
      - /mnt/usbhdd/pvr/config:/config
      - /mnt/usbhdd/pvr/recording:/recording
      - /mnt/usbhdd/pvr/m3u:/m3u
      - /mnt/usbhdd/pvr/timeshift:/timeshift
      - /mnt/usbhdd/pvr/scripts:/scripts
    ports:
      - 9981:9981
      - 9982:9982
      # - 192.168.5.201:9981:9981
      # - 192.168.5.201:9982:9982
    networks:
      lanvpn:
        ipv4_address: "192.168.30.201"
    devices:
      - /dev/dvb:/dev/dvb
    privileged: true
    restart: unless-stopped
#networks:
#  proxy:
#    external: true
secrets:
  my_secret:
    file: ./secrets.yaml
# set trusted docker internal network
networks:
  default:
    ipam:
      config:
        - subnet: 192.168.0.0/24
  lanvpn:
    driver: macvlan
    driver_opts:
      parent: eth0.300
    ipam:
      config:
        - subnet: 192.168.30.0/24
          gateway: 192.168.30.1
#  app-net:
#    ipam:
#      config:
#        - subnet: 192.168.40.0/24
```
You can see I am using macvlan to put the container on VLAN 300. If I try to connect to the container from a normal client on the LAN, say from 192.168.5.100, then it connects fine. I think the issue is that it is trying to route via the local docker private network of 192.168.30.130 instead of via the gateway that connects the two networks.
Here is the route information from the docker host:
```
root@pvr:~# route
Kernel IP routing table
Destination     Gateway          Genmask         Flags Metric Ref    Use Iface
default         router.lan       0.0.0.0         UG    202    0        0 eth0
default         FriendlyWRT.lan  0.0.0.0         UG    484    0        0 eth0.300
link-local      0.0.0.0          255.255.0.0     U     312    0        0 veth87af8d1
link-local      0.0.0.0          255.255.0.0     U     316    0        0 veth5291032
link-local      0.0.0.0          255.255.0.0     U     318    0        0 vethe788551
link-local      0.0.0.0          255.255.0.0     U     321    0        0 veth6a07a3a
link-local      0.0.0.0          255.255.0.0     U     323    0        0 vethd79c34f
link-local      0.0.0.0          255.255.0.0     U     325    0        0 vethfd76b61
link-local      0.0.0.0          255.255.0.0     U     327    0        0 veth792529a
link-local      0.0.0.0          255.255.0.0     U     483    0        0 vethcefe2ce
172.17.0.0      0.0.0.0          255.255.0.0     U     0      0        0 docker0
192.168.0.0     0.0.0.0          255.255.255.0   U     0      0        0 br-2add0ff982d3
192.168.5.0     0.0.0.0          255.255.255.0   U     202    0        0 eth0
192.168.30.0    0.0.0.0          255.255.255.0   U     484    0        0 eth0.300
```
Now, when I add a static route on the docker host for that one container it works, but is that the correct thing to do? And will the route persist on reboot?
```
ip route add 192.168.30.201 via 192.168.5.1 dev eth0
```
How should the container be configured to be presented on the correct VLAN and subnet and be routed correctly from the docker host and all hosts on the local LAN?
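As an added example (not part of the original post), this Python sketch applies a simplified model of route selection (longest prefix first, then lowest metric) to the routing table printed above. It shows which entry the docker host uses for 192.168.30.201 before and after the `ip route add` command. The helper names `select_route` and `describe` are hypothetical, the veth link-local entries are omitted, and the metric of 0 for the added host route is an assumption (the default when no metric is given).

```python
import ipaddress

# Routes copied from the `route` output in the post (veth link-local
# entries omitted). Gateways are kept exactly as the table prints them.
ROUTES = [
    # (destination, gateway or None if directly connected, metric, iface)
    ("0.0.0.0/0",       "router.lan",      202, "eth0"),
    ("0.0.0.0/0",       "FriendlyWRT.lan", 484, "eth0.300"),
    ("172.17.0.0/16",   None,                0, "docker0"),
    ("192.168.0.0/24",  None,                0, "br-2add0ff982d3"),
    ("192.168.5.0/24",  None,              202, "eth0"),
    ("192.168.30.0/24", None,              484, "eth0.300"),
]

# The route added at the end of the post:
#   ip route add 192.168.30.201 via 192.168.5.1 dev eth0
# Metric 0 is an assumption (no metric was given on the command line).
HOST_ROUTE = ("192.168.30.201/32", "192.168.5.1", 0, "eth0")


def select_route(dest, routes):
    """Pick the route for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [
        (ipaddress.ip_network(net), gw, metric, iface)
        for net, gw, metric, iface in routes
        if addr in ipaddress.ip_network(net)
    ]
    if not candidates:
        return None
    net, gw, _metric, iface = min(
        candidates, key=lambda r: (-r[0].prefixlen, r[2])
    )
    return {"network": str(net), "gateway": gw, "iface": iface}


def describe(dest, routes):
    """One-line summary in the style of `ip route get`."""
    r = select_route(dest, routes)
    hop = f"via {r['gateway']}" if r["gateway"] else "directly connected"
    return f"{dest}: {r['network']} dev {r['iface']} {hop}"


if __name__ == "__main__":
    print("before:", describe("192.168.30.201", ROUTES))
    print("after: ", describe("192.168.30.201", ROUTES + [HOST_ROUTE]))
    print("LAN:   ", describe("192.168.5.100", ROUTES))
```

On a live host, `ip route get 192.168.30.201` reports the kernel's actual choice and can be compared against this model.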