- NAS: DS1821+, DS1511+, DS410J
- Router: RT2600ac, MR2200ac
- Operating system: macOS
- Mobile operating system: iOS
Hi all, this covers a few topic areas so hope it is ok here.
I have a Synology router and I have had until now 4 VLANs (default, IoT, cameras, guest). Due to increased family/friends access I have decided to add a fifth (shared) with the intention of keeping everything away from the other 4. My DiskStation has 4 network interfaces, so I thought the easiest way to achieve isolation would be to have 1 NIC for each VLAN, with guests missing out (internet only). The default VLAN has access to all the other VLANs, and all the others are restricted to their own space with firewall rules on the router. I can ping devices on the other VLANs and access virtual machines running on other VLAN segments (e.g. Home Assistant).
My thoughts were to run a number of Docker containers or a VM on the new shared VLAN and use Nginx Proxy Manager to direct traffic on the VLAN. No problems: I can spin up a Debian VM and link it to the network interface for the new VLAN. I could install Docker and the apps I want to use and have that isolated system with some hard drive access via NFS shares.
The other option I was thinking about was using the inbuilt Docker, as it would be easier for data access and backups. I created a macvlan network with IP addresses for the new VLAN, linked to eth3, the network interface used. I created a container (speedtest) which shows it is running OK, but I cannot access it. I can't ping the container from the default network, and I just get a blank screen when I put in the address.
I did read this:
Setup:
- Connect LAN 1 to your primary VLAN.
- Connect LAN 2 to the second VLAN (IOT, Cameras, etc.).
- In Docker settings, you can specifically bind containers to the network interface associated with LAN 2.
- This bypasses complex virtual tagging and uses physical hardware separation to ensure accessibility.
So 2 questions. What am I doing wrong to get a container to work on a specific network, as I can see no settings for this, AND does a VM give better security for external access than a container on the shared VLAN, if that is possible?
Thanks.
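A planning check for the macvlan route described in the post (added example code, not from the poster, Synology or Docker): it validates the addressing mistakes that most often leave a macvlan container "running" but unreachable from other VLANs, builds the matching `docker network create` call, and lists the host-side shim that macvlan needs before the NAS itself can talk to its own containers. The interface name, subnet, gateway and DHCP pool are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class MacvlanPlan:
    parent: str      # NAS NIC patched into the shared VLAN (eth3 in the post)
    subnet: str      # the shared VLAN's subnet as configured on the router
    gateway: str     # the router's own address on that VLAN
    ip_range: str    # slice of the subnet Docker may hand to containers
    dhcp_first: str  # first address of the router's DHCP pool on that VLAN
    dhcp_last: str   # last address of the router's DHCP pool on that VLAN

def check_plan(plan: MacvlanPlan) -> list:
    """Return the inconsistencies found; an empty list means the plan is sound."""
    problems = []
    subnet = ipaddress.ip_network(plan.subnet)
    gateway = ipaddress.ip_address(plan.gateway)
    ip_range = ipaddress.ip_network(plan.ip_range)
    dhcp_first = ipaddress.ip_address(plan.dhcp_first)
    dhcp_last = ipaddress.ip_address(plan.dhcp_last)
    if gateway not in subnet:
        problems.append("gateway is outside the VLAN subnet: containers cannot reply to other VLANs")
    if not ip_range.subnet_of(subnet):
        problems.append("--ip-range is outside --subnet: container addresses would be unroutable")
    elif gateway in ip_range:
        problems.append("--ip-range contains the router address: a container may collide with the gateway")
    if ip_range.network_address <= dhcp_last and ip_range.broadcast_address >= dhcp_first:
        problems.append("--ip-range overlaps the router's DHCP pool: expect duplicate addresses")
    return problems

def docker_network_cmd(plan: MacvlanPlan, name: str = "shared") -> str:
    """The docker CLI call equivalent to the fields filled in when creating the network."""
    return (f"docker network create -d macvlan --subnet={plan.subnet} "
            f"--gateway={plan.gateway} --ip-range={plan.ip_range} "
            f"-o parent={plan.parent} {name}")

def host_shim_cmds(plan: MacvlanPlan, host_ip: str, shim: str = "mac0") -> list:
    """macvlan caveat: the host cannot reach its own macvlan containers through the parent NIC.
    A second macvlan interface on the host plus a route to the container range restores that
    path. host_ip is an assumed spare VLAN address outside the DHCP pool and --ip-range."""
    return [f"ip link add {shim} link {plan.parent} type macvlan mode bridge",
            f"ip addr add {host_ip}/32 dev {shim}",
            f"ip link set {shim} up",
            f"ip route add {plan.ip_range} dev {shim}"]

# Constructed sample values, not the poster's real addressing.
SHARED = MacvlanPlan("eth3", "192.168.50.0/24", "192.168.50.1",
                     "192.168.50.192/26", "192.168.50.20", "192.168.50.150")
```

Even with a clean plan, reachability from the default VLAN still depends on the router's inter-VLAN firewall rules and on the shim commands being re-applied after a reboot, since they are not persistent.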