Is it possible to have one jailmaker jail be on multiple VLANs?

[skellycode]

Hi!

My current setup has a single docker-compose file which creates 5x macvlans, and attaches the relevant services to achieve segmentation. This works well as everything is consolidated and it only takes a single docker-compose up -d to get the whole thing running.

I'm playing around with jailmaker and looking to migrate across in preparation for Cobia, but couldn't find any documentation on attaching a single jail to multiple VLANs. Is this possible, and if so, how do I it?

I'm hoping to not wind up in a situation where I have to execute docker-compose up -d 5 times across 5 jails! Not to mention that it would use a lot more resources to run 5x jails and 5x docker!

Thank you in advance 😃

[Jip-Hop]

I think using host networking for the jail and then just running docker compose up -d in the directory where your compose file is would fit the bill.

[skittle-brau]

I was also looking to do the same thing because I didn't want my jail/container to have access to my management VLAN which the TrueNAS web interface is bound to, so using host networking was not ideal. Since I already had bridges set up attached to the three VLANs I wanted to have accessible in the container (br10, br20, br50), I simply added multiple instances of macvlan into user arguments. I don't have a need for the jail/container to be able to contact the TrueNAS host, so that limitation is fine with me.

Eg.
--network-macvlan=br10 --network-macvlan=br20 --network-macvlan=br50

I then created a static IP for each one by creating a new file in /etc/systemd/network/

Eg.

nano /etc/systemd/network/mv-br10.network

[Match]
Virtualization=container
Name=mv-br10*

[Network]
DHCP=false
Address=192.168.10.5/24
Gateway=192.168.10.1

Hope this helps someone else out too :)