Help Needed: Docker Containers with Static IPs and UniFi ACL Gateway Issues on Unraid

Hi everyone,

I’m currently running Unraid with Docker containers and have recently enabled ACLs (Access Control Lists) on all my UniFi switches. After enabling ACLs, I noticed an issue: my Docker containers on Unraid aren’t getting the correct gateway. This is likely because they have static IPs instead of using DHCP.

Here’s my setup:

  • Unraid is configured with a Docker VLAN, and all traffic on this VLAN goes through a VPN (configured in UniFi). This is important, and I want to maintain this configuration.
  • I also use Proxmox for other VMs/LXCs, where I can easily set a gateway for each instance. However, I can’t find a similar option for Docker containers in Unraid.

Questions:

  1. Is there a way to configure static IPs for Docker containers in Unraid that includes setting the correct gateway?
  2. Alternatively, should I modify the ACL or firewall rules in UniFi to ensure the Docker VLAN traffic routes correctly?
  3. What would be the best and most secure solution to keep everything functioning smoothly, especially ensuring that all traffic from the Docker VLAN continues through the VPN?

Any advice or guidance would be greatly appreciated! Thank you!

For now I’d only answer 1: you can set Docker network parameters in the container configuration form field “Extra Parameters”.

I don’t know where this VPN terminates in your local network, but what you definitely can do (and it works safely) is run the VPN endpoint (WG or OVPN) as a container on Unraid (example: OpenVPN-Client by ich777). Then for every other container that you want to go through this endpoint to the other end of the VPN tunnel, set “Network” to “none” and at “Extra Parameters” add “--net=container:my-vpn-container-name”.

If the VPN endpoint is not on the Unraid machine but elsewhere in a VPN VLAN, you could add the VLAN to the Unraid interface and then use the VLAN interface for the containers that are supposed to use the VPN. You’d then want to ensure that the router is not routing VPN VLAN traffic to other VLANs.
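
An added example, not part of the reply above: a check over `docker inspect` output that every container meant to use the VPN container is actually attached to its network namespace, as the `--net=container:` setting is supposed to ensure. The container names, IDs and sample JSON are constructed; the check accepts either the VPN container's name or its ID in `NetworkMode`, on the assumption that Docker may record either.

```python
import json

# Constructed sample, trimmed to the `docker inspect` fields used below.
# Container names and IDs are hypothetical.
SAMPLE = json.loads("""[
 {"Id": "1111aaaa", "Name": "/vpn-client", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "bridge"}},
 {"Id": "2222bbbb", "Name": "/app-a", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "container:1111aaaa"}},
 {"Id": "3333cccc", "Name": "/app-b", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "container:vpn-client"}},
 {"Id": "4444dddd", "Name": "/app-c", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "bridge"}},
 {"Id": "5555eeee", "Name": "/app-d", "State": {"Running": true},
  "HostConfig": {"NetworkMode": "container:2222bbbb"}}
]""")


def audit_vpn_binding(inspect_data, vpn_name, must_use_vpn):
    """Return {name: finding} for containers that do not share the VPN
    container's network namespace. An empty dict means all are bound."""
    by_name = {c["Name"].lstrip("/"): c for c in inspect_data}
    vpn = by_name.get(vpn_name)
    if vpn is None:
        return {n: "VPN container not found" for n in must_use_vpn}
    findings = {}
    for name in must_use_vpn:
        c = by_name.get(name)
        if c is None:
            findings[name] = "container not found"
            continue
        mode = c["HostConfig"]["NetworkMode"]
        kind, _, target = mode.partition(":")
        if kind != "container":
            # Not joined to any container's namespace, so not forced through the tunnel.
            findings[name] = f"own network stack ({mode})"
        elif target not in (vpn_name, vpn["Id"]):
            findings[name] = f"shares a different container ({target})"
        elif not vpn["State"]["Running"]:
            findings[name] = "VPN container is not running"
    return findings


if __name__ == "__main__":
    wanted = ["app-a", "app-b", "app-c", "app-d"]
    for name, why in audit_vpn_binding(SAMPLE, "vpn-client", wanted).items():
        print(f"{name}: {why}")
```

To run it against a real host, replace `SAMPLE` with the parsed output of `docker inspect $(docker ps -aq)`.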