I have this weird problem regarding the networking between the two applications - Docker and Virtualbox. Some of my Docker containers are using macvlan. macvlan works wonderfully.
I have an ldap server (slave) running on Virtualbox and a Docker container (emby). I am trying to authenticate my users via ldap, but I am unable to do so. When I checked the Emby (container) logs, they said "No route to host 10.1.7.40:7389". This is weird because they are both in the same subnet.
Here is what I have done so far:
- The slave ldap server (VM) and the emby (docker) are both in the same subnet of 10.1.7.0/24, but can't see each other.
- From the slave ldap server, I cannot ping the emby. However, I can see the emby's MAC address in the slave ldap server arp table.
- If I ping the emby from a different subnet or even remotely, I can ping it and it is responding. I can also watch my movies, etc. So the network is working.
- If I point the emby to use the master ldap server, which is located in a different subnet, it works.
- I tried to use my other instance of emby from a different NAS to authenticate to the slave ldap server, and this worked as well.
With all these tests, I can safely say that the IP connectivity and openldap are working fine. But the problem exists between the Virtualbox and Docker applications. Has anyone encountered this issue or found a resolution?
This is the default iptables ruleset on my OMV. I have not configured any firewalling on the OMV.
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:22000
ACCEPT udp -- anywhere 172.17.0.2 udp dpt:21027
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:6080
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:8384
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:5900
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere