root
805b6d3534
Verlinkungen angepasst; pve2/guests als Platzhalter. Co-authored-by: Cursor <cursoragent@cursor.com>
96 lines
2.3 KiB
Markdown
96 lines
2.3 KiB
Markdown
# docbr0 (10.2.2.0/24) — Routing & OPNsense
|
|
|
|
**Instanz:** VM 101 `ubuntu` auf pve1
|
|
**Allgemeine Anleitung:** [../../../shared/opnsense-docker-subnet-routing.md](../../../shared/opnsense-docker-subnet-routing.md)
|
|
|
|
---
|
|
|
|
## Werte für diese Instanz
|
|
|
|
| Variable | Wert |
|
|
|----------|------|
|
|
| `DOCKER_SUBNET` | `10.2.2.0/24` |
|
|
| `DOCKER_HOST` | `192.168.10.10` |
|
|
| Docker-Netzname | `docbr0` (extern) |
|
|
| Bridge-Gateway (Host) | `10.2.2.1` |
|
|
| OPNsense Gateway-Name | `VM101_DOCKER` |
|
|
| Firewall-Alias | `DOCKER_DOCBR0` |
|
|
|
|
`10.2.2.1` ist **kein OPNsense-Interface** — nur die Docker-Bridge auf VM 101.
|
|
|
|
---
|
|
|
|
## Topologie
|
|
|
|
```
|
|
Client (192.168.10.x / andere VLANs)
|
|
▼
|
|
OPNsense (192.168.10.1)
|
|
│ Route: 10.2.2.0/24 → 192.168.10.10
|
|
▼
|
|
VM 101 (192.168.10.10 + 10.2.2.1 docbr0)
|
|
▼
|
|
Container (10.2.2.x)
|
|
├── 10.2.2.254 NPM
|
|
├── 10.2.2.253 Nextcloud
|
|
└── … siehe [README.md](README.md)
|
|
```
|
|
|
|
---
|
|
|
|
## OPNsense (Kurz)
|
|
|
|
Siehe [How-To](../../../shared/opnsense-docker-subnet-routing.md) für Screenshots-Felder im Detail.
|
|
|
|
1. Gateway **VM101_DOCKER** → `192.168.10.10` auf LAN/VLAN10
|
|
2. Route **10.2.2.0/24** via VM101_DOCKER
|
|
3. Firewall Pass: Quell-VLAN → `10.2.2.0/24` (pro Interface)
|
|
4. Apply Changes
|
|
|
|
---
|
|
|
|
## VM 101 — Host-Checks
|
|
|
|
| Check | Erwartung |
|
|
|-------|-----------|
|
|
| Bridge | `10.2.2.1/24` auf `docbr0` |
|
|
| `ip_forward` | `1` |
|
|
| Docker | `"iptables": false` |
|
|
| Container-Internet | [vm101-docker-nat-rules.sh](../../scripts/vm101-docker-nat-rules.sh) |
|
|
|
|
```bash
|
|
ip route | grep 10.2.2
|
|
ping -c1 10.2.2.253
|
|
ping -c1 10.2.2.254
|
|
sudo docker network inspect docbr0 --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'
|
|
```
|
|
|
|
---
|
|
|
|
## Tests (diese Instanz)
|
|
|
|
```bash
|
|
traceroute 10.2.2.253
|
|
curl -sI http://10.2.2.253/status.php
|
|
curl -sI http://10.2.2.254
|
|
```
|
|
|
|
---
|
|
|
|
## Alltag vs. Admin
|
|
|
|
| Zugriff | Weg |
|
|
|---------|-----|
|
|
| Benutzer | Hostname → NPM (`10.2.2.254`) → Backend |
|
|
| Admin | Direkt `10.2.2.x` (Dockge, Logs, Bypass NPM) |
|
|
|
|
---
|
|
|
|
## Referenzen
|
|
|
|
| Dokument | Inhalt |
|
|
|----------|--------|
|
|
| [README.md](README.md) | Stack-Liste, IP-Tabelle |
|
|
| [../../06_ubuntu-vm-nextcloud.md](../../06_ubuntu-vm-nextcloud.md) | Nextcloud, notify_push |
|
|
| [../../../shared/opnsense-docker-subnet-routing.md](../../../shared/opnsense-docker-subnet-routing.md) | Allgemeines How-To |
|