connect a docker container to a local network
What I am trying to do
I am trying to make my container available on the network to all the devices, not just the docker host.
Information
- My network subnet is 9.158.143.0/24
- my gateway is 9.158.143.254
- my docker host IP is 9.158.143.52 primary interface (ens160)
- and my container IP is 9.158.143.65
- docker-pid is the docker process id
- docker id is the docker ip
I want to make the docker config such that the docker container can be accessed (ssh in my case) from anywhere within my network.
Steps followed so far
- Start by creating a new bridge device:
  brctl addbr br-em1
  ip link set br-em1 up
- Add this device to your bridge:
  brctl addif br-em1 ens160
- Configure the bridge with the address that used to belong to ens160:
  ip addr del 9.158.143.52/24 dev ens160
  ip addr add 9.158.143.52/24 dev br-em1
- Move the default route to the bridge:
  ip route del default
  ip route add default via 9.158.143.254 dev br-em1
Up to this point everything works: the docker host has network connectivity.
docker run -itd --name web ubuntu
- Create a veth interface pair:
  ip link add web-int type veth peer name web-ext
  brctl addif br-em1 web-ext
- And add the web-int interface to the namespace of the container:
  ip link set netns $(docker-pid web) dev web-int
  nsenter -t $(docker-pid web) -n ip link set web-int up
  nsenter -t $(docker-pid web) -n ip addr add 9.158.143.65/24 dev web-int
Up to this point the veth is created inside the docker container and the internet is working inside the container.
nsenter -t $(docker-pid web) -n ip route del default
nsenter -t $(docker-pid web) -n ip route add default via 9.158.143.254 dev web-int
The problem
These are the steps I followed. After the last 2 steps the internet stops working within the container. I am not able to ping the docker host machine from any other machine in the network (which was working beforehand).
Is there any iptables rule which needs to be added apart from these steps? If so, please help.
PS: my docker0 IP is 172.17.0.1. Link used: http://blog.oddbit.com/2014/08/11/four-ways-to-connect-a-docker/ (with linux bridge devices)
The Ubuntu image used has the ssh service up and running.
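The bridge-and-veth procedure from the question, written up as an added shell example (this is not code from the question or from the linked blog post; it uses the iproute2 equivalents of the brctl commands). It assumes the names used above: uplink ens160, bridge br-em1, container "web", veth pair web-int/web-ext, and the addresses from the question; the PID 12345 is a stand-in for dry runs. It includes the two checks a practitioner would want at this point: the host end of the veth pair is brought up (a veth end has no carrier until its peer is up), and, because current Docker versions set bridge-nf-call-iptables=1 and a FORWARD policy of DROP, frames switched between ports of br-em1 need an explicit FORWARD accept. It also firewalls sshd inside the container's own namespace, since a bridged interface sits outside Docker's published-port filtering and is reachable from the whole LAN.

```shell
#!/bin/sh
# Added example (not from the original question or the linked blog post):
# the bridge + veth procedure as shell functions. DRY_RUN=1 prints every
# privileged command instead of running it. Assumed names: uplink ens160,
# bridge br-em1, container "web", veth pair web-int/web-ext. Real runs need
# root, iproute2, nsenter, iptables and docker.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# PID of the container's init process: its network namespace lives at
# /proc/<pid>/ns/net, which is what `nsenter -t <pid> -n` enters.
container_pid() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo 12345                         # stand-in PID for dry runs
    else
        docker inspect -f '{{.State.Pid}}' "$1"
    fi
}

# Turn the uplink into a bridge port and move its address and default route
# onto the bridge. Run this from a console: the host is briefly unreachable.
host_bridge() {
    uplink=$1; bridge=$2; addr=$3; gw=$4
    run ip link add name "$bridge" type bridge
    run ip link set "$bridge" up
    run ip link set "$uplink" master "$bridge"
    run ip addr del "$addr" dev "$uplink"
    run ip addr add "$addr" dev "$bridge"
    run ip route replace default via "$gw" dev "$bridge"
}

# On a Docker host bridge-nf-call-iptables is 1, so frames switched between
# ports of the bridge still traverse the iptables FORWARD chain, and current
# Docker sets its policy to DROP. Without this rule a bridged container has
# link but no traffic, while the host itself (INPUT chain) keeps working.
allow_bridge_forward() {
    bridge=$1
    run iptables -I FORWARD -i "$bridge" -o "$bridge" -j ACCEPT
}

# Give one container a LAN address through its own veth pair.
attach_container() {
    name=$1; bridge=$2; addr=$3; gw=$4
    pid=$(container_pid "$name")
    int="${name}-int"; ext="${name}-ext"
    run ip link add "$int" type veth peer name "$ext"
    run ip link set "$ext" master "$bridge"
    run ip link set "$ext" up      # a veth end has no carrier until its peer is up
    run ip link set "$int" netns "$pid"
    run nsenter -t "$pid" -n ip link set "$int" up
    run nsenter -t "$pid" -n ip addr add "$addr" dev "$int"
    # replace instead of del+add: a failed add cannot leave the container
    # with no default route at all
    run nsenter -t "$pid" -n ip route replace default via "$gw" dev "$int"
}

# The bridged interface bypasses Docker's published-port filtering, so the
# container's sshd is reachable from the whole LAN. Filter inside the
# container's namespace: iptables run via `nsenter -n` edits that
# namespace's tables, not the host's.
restrict_container_ssh() {
    name=$1; lan=$2
    pid=$(container_pid "$name")
    int="${name}-int"
    run nsenter -t "$pid" -n iptables -A INPUT -i lo -j ACCEPT
    run nsenter -t "$pid" -n iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run nsenter -t "$pid" -n iptables -A INPUT -i "$int" -p tcp --dport 22 -s "$lan" -j ACCEPT
    run nsenter -t "$pid" -n iptables -P INPUT DROP
}

# `sh thisfile.sh apply` (as root) performs the whole procedure; afterwards
# `ssh user@9.158.143.65` from another LAN machine should reach the container.
if [ "${1:-}" = "apply" ]; then
    host_bridge ens160 br-em1 9.158.143.52/24 9.158.143.254
    allow_bridge_forward br-em1
    attach_container web br-em1 9.158.143.65/24 9.158.143.254
    restrict_container_ssh web 9.158.143.0/24
fi
```

Run it once with `DRY_RUN=1 sh thisfile.sh apply` to review the exact command sequence before touching the uplink. The container still keeps its eth0 on docker0; only its default route moves to the LAN gateway.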
The approach that I took when setting up something similar was to statically assign IP addresses to each container. I then "stacked" the IP addresses as secondary IPs on the bridge's interface, vmbr0.
My network setup:
$ ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:22:15:91:XX:XX brd ff:ff:ff:ff:ff:ff
inet6 fe80::222:15ff:fe91:XXXX/64 scope link
valid_lft forever preferred_lft forever
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:22:15:91:XX:XX brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global vmbr0
inet 192.168.1.101/24 scope global secondary vmbr0
inet 192.168.1.103/24 scope global secondary vmbr0
inet6 fe80::222:15ff:fe91:c12d/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 172.17.42.1/16 scope global docker0
I added these secondary IPs like so:
$ ip addr add 192.168.1.101/24 dev vmbr0
$ ip addr add 192.168.1.103/24 dev vmbr0
I would run my containers like so:
$ docker run --name='bind' -d \
-p 192.168.1.101:53:53/udp \
-p 192.168.1.101:10000:10000 sameersbn/bind:latest