With your help I was able to set up a network with several VLANs and appropriate firewall rules, and a working exposing/forwarding of my home server via HTTPS to the web!
But life is boring without (technical) challenges, so I took on a new one.
I have an AdGuard DNS server running as a Docker container on my home server, and it was working perfectly. It's just that I want to have it run on its own IP (it makes rules easier to understand, as all devices from all VLANs should be able to access it). So I set up a macvlan network with a different subnet and put it in there. I also added the new VLAN to the router and switch, except for setting up a DHCP server. On the switch I did the config exactly as for the admin network, where the home server sits right now and where everything is working as expected. For troubleshooting I also disabled all drop rules in the firewall.
And from my point of view it didn't go that badly, as I can see the MAC address of the container in the hosts table of the switch, also having its VLAN ID of 11 assigned. In the router itself it looks the same, so apparently there are packets coming through from the macvlan interface to the router.
So, what didn't work out? I cannot access that container, cannot even ping it. Neither can I ping from the container to the router.
As you guys always have great ideas, I am again hoping for a small share of them - thanks in advance!
What I did:
Code:
/interface vlan add interface=bridge name=v11-docker vlan-id=11
/interface bridge vlan add bridge=bridge tagged="bridge,eth2: switch" vlan-ids=11
/interface list member add interface=v11-docker list=VLAN
/ip address add address=10.0.11.1/24 interface=v11-docker network=10.0.11.0
/ip firewall address-list add address=10.0.11.0/24 comment=docker list=LAN-actual
/ip firewall mangle add action=log chain=prerouting in-interface=v11-docker log=yes log-prefix="docker11 - "
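As an added example (not from the post above), here is what I would put in place of "disable all drop rules" while troubleshooting: explicit forward rules that let every VLAN reach the AdGuard container on port 53 only, plus two checks that the VLAN 11 tagging and the mangle log from the post actually see traffic. The container address 10.0.11.2 is a constructed placeholder; the interface list VLAN, the address list LAN-actual and the v11-docker interface are taken from the post.

```routeros
# Added example, not part of the original post. Assumes the container sits at
# 10.0.11.2 (constructed value) and that interface list "VLAN", address list
# "LAN-actual" and interface v11-docker exist as shown in the post.

# 1. Confirm VLAN 11 is carried tagged on the bridge port facing the docker host.
#    If it is only untagged there, frames from the macvlan parent interface
#    land in that port's PVID VLAN instead of VLAN 11.
/interface bridge vlan print where vlan-ids=11

# 2. Least-privilege access to the DNS container: every VLAN may reach it,
#    but only on DNS ports. "add" appends at the end of the chain, so move
#    these two rules above any existing inter-VLAN drop rule afterwards.
/ip firewall filter add chain=forward action=accept \
    in-interface-list=VLAN dst-address=10.0.11.2 protocol=udp dst-port=53 \
    comment="adguard dns udp"
/ip firewall filter add chain=forward action=accept \
    in-interface-list=VLAN dst-address=10.0.11.2 protocol=tcp dst-port=53 \
    comment="adguard dns tcp"
# Keep this drop below the accept rules; replies are covered by the usual
# established/related rule at the top of the forward chain.
/ip firewall filter add chain=forward action=drop \
    in-interface-list=VLAN out-interface-list=VLAN comment="drop inter-vlan"

# 3. Checks from the router: does the container answer at all, and does the
#    mangle log rule from the post record anything arriving on v11-docker?
/ping 10.0.11.2 count=3
/log print where message~"docker11"
```

If the ping fails but the log shows ARP or DNS packets from 10.0.11.x, the router side is fine and the remaining issue is on the docker host (macvlan parent interface or VLAN tagging there).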