Docker Community Forums

Share and learn in the Docker community.

Access container IP from outside host network

Is it possible to access a container IP outside the host?

I’m trying to assign IPs to my containers that are reachable on the network. I’ve first set up a network
docker network create --subnet --gateway docker-net

Then when I start my container I specify the network and IP
docker run --ti --net docker-net --ip centos

I can ping the container from my host but nowhere else on the network.

I understand this has been asked before but remains unanswered

Well frankly, no. It’s like with conventional NAT as well. The IP’s behind the NAT are not reachable from the outside, and they shouldn’t be. The IPs you are using for your containers are class-B private IPs and should not be reachable from the outside.

What you can do however is assign your host multiple public IPs and then assign the containers one of those.
See here for more information: Multiple host ips to docker container

Or you can consider using a reverse proxy, but that then depends on the actual application you are running.

I will have to disagree. We did set an external IP to a container. There are 2 ways as far as I know:

  • macvlan (the recommended way), see official doc
  • pipework: a deprecated way. We use this way.
    This IP will be accessible to any host that is on the same network as the host. So this IP has to be in the range of this network and you must be careful noone else will take this ip.

That’s basically just a twist of what I said - configure multiple host IPs.

I use macvlan, it works, but you need to turn on promiscuous mode on your network adapter, as the host will have multiple mac addresses (each container will have one).