Reputation: 3055
How to run docker containers in their network with an external gateway?
I have some images that I'm managing with docker-compose and I need to run them in a different network than that of the host machine (which is running Ubuntu 16).
Host machine has IP 10.0.1.19/24 and gateway 10.0.1.1.
This is my docker-compose.yml:
version: '2'
services:
db:
...
networks:
ab-net:
ipv4_address: 10.1.2.250
...
app:
...
networks:
ab-net:
ipv4_address: 10.1.2.11
...
networks:
ab-net:
driver: bridge
ipam:
driver: default
config:
- subnet: 10.1.2.0/23
gateway: 10.1.2.1
The firewall (which is out of my control and can't be changed) allows direct incoming connections to 10.1.2.0/23 via containers' gateway 10.1.2.1 (which is the firewall itself) and not to the host.
Running the container with that configuration, docker configures a br-interface on the host with IP 10.1.2.1; thus on the network there are two machines with the same IP: the host and the firewall/gateway.
Containers have access to the internet, they see each others and from the host machine I can connect to the containers.
How can I have that scenario working? At this stage I would prefer not to use any orchestration tool, if possible.
Upvotes: 3
Views: 947
Answers (2)
Reputation: 3055
I found out that the only option to do that is using the (currently) experimental feature "Ipvlan Network".
The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network.
The documentation is quite large and can't be copied here, however those are the commands I had to run to achieve that:
echo 8021q >> /etc/modules
modprobe 8021q
apt-get install vlan
edit /etc/network/interfaces
auto eth1.2320
iface eth1.2320 inet manual
vlan-raw-device eth1
auto eth1.2321
iface eth1.2321 inet manual
vlan-raw-device eth1
auto eth1.2322
iface eth1.2322 inet manual
vlan-raw-device eth1
auto eth1.2323
iface eth1.2323 inet manual
vlan-raw-device eth1
auto eth1.2324
iface eth1.2324 inet manual
vlan-raw-device eth1
/etc/init.d/networking restart
Upvotes: 1
Reputation: 906
You can not set different network outsite docker's NAT.
Upvotes: 0
Related Questions
- How to use docker container as a router for other containers in the same network
- Use docker container as network gateway
- How to connect different docker containers running on different network
- How do I connect containers in different networks in Docker Compose?
- internal and external network with docker-compose?
- Docker-compose access LAN from containers
- Connecting docker containers using external network
- How to access container from another compose that connected to external network?
- How to access a running docker containers external ip from within the container?
- Docker Container to Host Routing