OK, so I just got my first IoT device (an ecobee thermostat), so I made an IoT network, and I now have a main network and an IoT network, fully separated. I have a Synology NAS that has 2 Ethernet ports: one is connected to the main network and set as the main adapter, and the other one is connected to the IoT network. What I would like to do is have things like the Philips Hue controller and such running in dockers on the NAS, but have those Docker containers only have access to the IoT network, not the main network. I also want to be able to have things like Minecraft servers in Docker containers on the main network.

How would I achieve this, if it is possible at all?

https://linustechtips.com/topic/1098374-duel-ethernet-nas-docker-setup/

I don't know how exactly Synology does this, but you can do this.

I'd personally just have one IP, and then have the firewall manage what subnets can access what services on their server. You can also do the routes on a per-program/container/VM basis.


10 minutes ago, Electronics Wizardy said:

I don't know how exactly Synology does this, but you can do this.

I'd personally just have one IP, and then have the firewall manage what subnets can access what services on their server. You can also do the routes on a per-program/container/VM basis.

Well, here is the Synology network page:

[Attached image: 4DCD5EFE-B9C1-49EA-8B27-8CFA4D4737B9.jpeg]


4 hours ago, Electronics Wizardy said:

Are the subnets connected with a router?

Does Synology let you set IP on the Docker container?

OK, so I think I may have a way to do this... want thoughts though.

So I discovered that I can change firewall rules per NIC, so right now I have it set so that on NIC 1 (main network) everything is blocked unless specified, and I can designate specific Docker images as part of that, and NIC 2 (IoT network) is by default set to allow all ports if the port is in use, with all the items allowed on NIC 1 blocked on NIC 2.


10 hours ago, ETHREAL1 said:

OK, so I think I may have a way to do this... want thoughts though.

So I discovered that I can change firewall rules per NIC, so right now I have it set so that on NIC 1 (main network) everything is blocked unless specified, and I can designate specific Docker images as part of that, and NIC 2 (IoT network) is by default set to allow all ports if the port is in use, with all the items allowed on NIC 1 blocked on NIC 2.

Wouldn't it be easier to do the firewall on the router instead of the NAS?

Also, I'd get a different hypervisor here with better network controls; Synology isn't known for being a great hypervisor.
