-
The current documentation for the advanced network setup is a little hard to understand. I will be pointing my reverse proxy and port forwards to services in these jails as soon as I can figure out how to assign a unique static IP or NAT to each jail. |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments 22 replies
-
Why do you need static IPs for the jails? Can't you use the default host networking? A service inside the jail can bind to a port on the host IP address, e.g. 8080, which you can then point your reverse proxy to. If you must it is possible to give the jail a static IP following the steps in the advanced networking setup. I hope you succeed if you try :) |
Beta Was this translation helpful? Give feedback.
-
I dont know if this would help any of you looking to run services without changing for example port 80 or 443, I followed this youtube guide and as a result, I am able to create a bridge and run numerous containers with Jailmaker on my TNS without changing any ports on TNS. I feel is we can incorporate this into the guidelines of Jailmaker, it would extend the abilities quite a lot. https://www.youtube.com/watch?v=7clQw132w58 |
Beta Was this translation helpful? Give feedback.
-
Here's how to run Static IPs for jails/containers WITHOUT using bridges. This is identical to the behavior of TrueNAS Core's jails when a Static IP is set. Add
Remembering to replace the X's with your desired IP and Gateway's (Router) IP. For an example it was Thats it. No bridges, or anything. Utilises the TrueNAS network interface to designates a Static IP (even when conflicting, yes will stop you connecting from TrueNAS if conflicting) |
Beta Was this translation helpful? Give feedback.
-
Can you provide any reason this would be needed? The whole point of containers is running services that can't touch the host system. And TrueNAS recommends not installing ANYTHING AT ALL to the Linux OS underneath it. The only reason nspawn containers are viable is because they can't corrupt the TrueNAS install. |
Beta Was this translation helpful? Give feedback.
-
Been testing this a bit today. I had assumed that macvlan wouldn't work if the primary interface was involved in a bridge. This is not true. As I see it, the only reason to use network-bridge is if you want the jail to have connectivity to the host. Network connectivity is just fine to the LAN (and WAN). You can use your router to assign fixed IP via DHCP to the jail, as systemd containers use a hash of the container name for the MAC address, thus as long as your jail's name doesn't change, the MAC won't change. If you don't use a router as your DHCP server, then you will want to use a fixed IP address. I really don't see much cause to use host networking in a systemd jail... unless you are wanting to add services to the host per se, many of us are wanting to add services to our network, and it doesn't need to be on the same IP as the NAS (host). So, the only reason to use bridge mode networking in the jail is if if you NEED to access the NAS/Host IP... for SMB, or iSCSI, or some other reason... say SSH, but that'd be a security hole. I can't think of a good reason, when you already have bind mounts. |
Beta Was this translation helpful? Give feedback.
-
I demonstrate setting up Static IPs for both MAC-VLAN and bridge networking in this video |
Beta Was this translation helpful? Give feedback.
Here's how to run Static IPs for jails/containers WITHOUT using bridges. This is identical to the behavior of TrueNAS Core's jails when a Static IP is set.
Add
--network-macvlan=eno1 --resolv-conf=bind-host
to user flags either during creation or after by editing the config.Run
nano /etc/systemd/network/mv-dhcp.network
(you will need to install the nano editor, or you can use a remote file browser like WinSCP to edit the file manually).Change the contents to:
Remembering to replace the X's with your desired IP and Gateway's (Router) IP. For an example it was
Address=192.168.1.10
G…