jean/docu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fbf62e6e48f7b942ef074ba62eb8a90d40f094e4
docu/guests/vm101-ubuntu/docbr0-opnsense-routing.md
T
root fbf62e6e48 Doku: allgemeines OPNsense-Docker-Routing-How-To in shared. 
VM-101-Instanz verweist auf shared; Duplikate reduziert.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-28 11:14:24 +02:00

96 lines
2.3 KiB
Markdown
Raw Blame History

# docbr0 (10.2.2.0/24) — Routing & OPNsense
**Instanz:** VM 101 `ubuntu` auf pve1
**Allgemeine Anleitung:** [../../shared/opnsense-docker-subnet-routing.md](../../shared/opnsense-docker-subnet-routing.md)
---
## Werte für diese Instanz
| Variable | Wert |
|----------|------|
| `DOCKER_SUBNET` | `10.2.2.0/24` |
| `DOCKER_HOST` | `192.168.10.10` |
| Docker-Netzname | `docbr0` (extern) |
| Bridge-Gateway (Host) | `10.2.2.1` |
| OPNsense Gateway-Name | `VM101_DOCKER` |
| Firewall-Alias | `DOCKER_DOCBR0` |
`10.2.2.1` ist **kein OPNsense-Interface** — nur die Docker-Bridge auf VM 101.
---
## Topologie
```
Client (192.168.10.x / andere VLANs)
OPNsense (192.168.10.1)
│ Route: 10.2.2.0/24 → 192.168.10.10
VM 101 (192.168.10.10 + 10.2.2.1 docbr0)
Container (10.2.2.x)
├── 10.2.2.254 NPM
├── 10.2.2.253 Nextcloud
└── … siehe [README.md](README.md)
```
---
## OPNsense (Kurz)
Siehe [How-To](../../shared/opnsense-docker-subnet-routing.md) für Screenshots-Felder im Detail.
1. Gateway **VM101_DOCKER**`192.168.10.10` auf LAN/VLAN10
2. Route **10.2.2.0/24** via VM101_DOCKER
3. Firewall Pass: Quell-VLAN → `10.2.2.0/24` (pro Interface)
4. Apply Changes
---
## VM 101 — Host-Checks
| Check | Erwartung |
|-------|-----------|
| Bridge | `10.2.2.1/24` auf `docbr0` |
| `ip_forward` | `1` |
| Docker | `"iptables": false` |
| Container-Internet | [vm101-docker-nat-rules.sh](../../pve1/scripts/vm101-docker-nat-rules.sh) |
```bash
ip route | grep 10.2.2
ping -c1 10.2.2.253
ping -c1 10.2.2.254
sudo docker network inspect docbr0 --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'
```
---
## Tests (diese Instanz)
```bash
traceroute 10.2.2.253
curl -sI http://10.2.2.253/status.php
curl -sI http://10.2.2.254
```
---
## Alltag vs. Admin
| Zugriff | Weg |
|---------|-----|
| Benutzer | Hostname → NPM (`10.2.2.254`) → Backend |
| Admin | Direkt `10.2.2.x` (Dockge, Logs, Bypass NPM) |
---
## Referenzen
| Dokument | Inhalt |
|----------|--------|
| [README.md](README.md) | Stack-Liste, IP-Tabelle |
| [../../pve1/06_ubuntu-vm-nextcloud.md](../../pve1/06_ubuntu-vm-nextcloud.md) | Nextcloud, notify_push |
| [../../shared/opnsense-docker-subnet-routing.md](../../shared/opnsense-docker-subnet-routing.md) | Allgemeines How-To |
Reference in New Issue View Git Blame Copy Permalink