@ITV 

How did you set up the IP routing in your container--mine is bridged to docker host?  Basically does your docker container have external routed internet access because if it doesn't, you'd get that kind of message.

d0ugmac1 wrote

  @ITV 

How did you set up the IP routing in your container--mine is bridged to docker host?  Basically does your docker container have external routed internet access because if it doesn't, you'd get that kind of message.

Thank you for your quick response.

See attached images:

• There is a Docker mac-vlan network involved called itv_lan. This has 192.168.139.240 as a default gateway. And 192.168.139.235 as DNS server.
• I have added the same DNS server to the file /etc/default/docker.
• Tried with and without mapping TCP-ports (usually a macvlan network ignores these mappings and just uses the one defined within the container).
• Also tried with and without promiscous mode on the interface
• The Docker host is on IP 192.168.139.235 and runs pihole as DNS server (on bare metal!). This is working as expected.
• Both Docker host and Omada are within the same subnet and have the same gateway configured. This network is un-tagged.
• The Adguard container is running on the same host but with a different mac-vlan (i.e. thuis_itv_lan tagged with 99) and default gateway 192.168.9.222. This is working as expected.
• The subnets are 192.168.139.0/24 (un-tagged) and 192.168.9.0/24 (tagged with vlan 99) respectively.

Any suggestions on what could be wrong? And what could be done about this?

With warm regards - Will

=====

  @ITV 

Any significance to Omada being in Healthy status but the other two containers are Running?

Create a test container attached to the host network and see if you can connect that instance to the cloud.

d0ugmac1 wrote

  @ITV 

 

Any significance to Omada being in Healthy status but the other two containers are Running?

 

Create a test container attached to the host network and see if you can connect that instance to the cloud.

 

 

  @d0ugmac1 

The Healthy status seems to be related to some health check inside the container:

Just tried the mac-vlan approach on a different Docker host. This time it works as expected.

I now have to figure out why it doesn't work on the Docker-production-host.

Also because ufw is turned off.

Suggestions?

Cheers - Will

Meanwhile I found out that the container can not reach the internal DNS server.

This internal DNS server is running on the same host as the Omada container.

However it runs against the OS - not as a container.

If I change the DNS config of the Omada container and point it to an external DNS-server, it works as expected.

Likewise if moving the Omada container to a different Dock host while maintaining the original DNS server.

I also tried ufw-docker and added the IP-address of the DNS-server to /etc/docker/daemon.json => no results.

The output of cat /etc/resolv.conf is:

search itv.lan DOMAINS
nameserver 127.0.0.11
options ndots:0

I'm running out of options here - any suggestions are welcome... :-)

  @d0ugmac1 

Thank you - that indeed works as expected.

I have started the DNS-server app on the Synology and activated it as DNS-forwarder to Pihole...