I am looking for the best way to allow a container to reach some network ports on my docker host network while maintaining the use of my user defined networks. I was thinking the best way to do this would be to create a specific user defined network and create an iptables rule to allow traffic from that user defined network’s interface to my docker host. Is this the correct way to go about this?
Using iptables -A INPUT -i <some_docker_network_interface> -j ACCEPT worked, but I had to manually find the interface name to create the iptables rule. Is there a way to query docker for the name of the interface it creates on the host for that specific user defined network?
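An added example (not from the original thread) of answering the question above, based on two facts about Docker's bridge driver: the host interface for a user-defined bridge network is named br- followed by the first 12 hex characters of the network ID, unless the network was created with --opt com.docker.network.bridge.name=<name>, in which case that name is used. The network name mynet and the port 8080 are assumptions; the script prints the iptables rule instead of applying it so it can be reviewed first.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post. Derives the host bridge
# interface name of a Docker user-defined bridge network and builds an
# iptables INPUT rule for it, scoped to one port rather than a blanket ACCEPT.
set -eu

# Pure helper: given the network ID and an optional explicit bridge name
# (the value of the com.docker.network.bridge.name option, empty if unset),
# print the interface name Docker uses on the host.
bridge_iface_name() {
    net_id="$1"
    explicit="${2:-}"
    if [ -n "$explicit" ]; then
        printf '%s\n' "$explicit"
    else
        # Default naming: "br-" + first 12 hex chars of the network ID.
        printf 'br-%s\n' "$(printf '%s' "$net_id" | cut -c1-12)"
    fi
}

# Ask Docker for the ID and the optional explicit bridge name of a network,
# then derive the interface. Requires a running Docker daemon.
docker_bridge_iface() {
    net="$1"
    id="$(docker network inspect -f '{{.Id}}' "$net")"
    opt="$(docker network inspect -f '{{index .Options "com.docker.network.bridge.name"}}' "$net")"
    bridge_iface_name "$id" "$opt"
}

# Build the rule as a string. Matching on the bridge interface plus a single
# TCP port is tighter than "-i <iface> -j ACCEPT", which exposes every host
# port to every container on that network.
iptables_rule() {
    iface="$1"
    port="$2"
    printf 'iptables -I INPUT -i %s -p tcp --dport %s -j ACCEPT\n' "$iface" "$port"
}

# Usage: ./allow-net.sh --show mynet 8080
#   prints the rule for the (assumed) network "mynet" and port 8080.
# Pipe the output into sh to apply it once reviewed.
if [ "${1:-}" = "--show" ]; then
    iface="$(docker_bridge_iface "${2:-mynet}")"
    iptables_rule "$iface" "${3:-8080}"
fi
```

If you want a stable, predictable interface name instead of br-<id>, create the network with docker network create --opt com.docker.network.bridge.name=mybr0 mynet and write the iptables rule against mybr0; the helper above handles both cases. Keep in mind that INPUT rules are not managed by Docker, so they survive docker network rm and must be cleaned up by hand.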
You are right. I should have tested it myself before posting…
Update:
My answer was untested, though I have seen one of our devs using it and concluded this is ootb behavior.
That was a wrong assessment on my side; he used the IP 172.18.0.1 from the docker_gwbridge interface. If you execute ip a inside the container, you will notice that your container is implicitly connected to that network and can reach the host using the docker_gwbridge's IP.
I just hooked a container into another container's network namespace: docker run -it --net container:8bccc787c5fb nicolaka/netshoot. Inside the container I can access the host port for my Traefik container using curl -ivLk 172.18.0.1. The container I hooked into is connected to a private network, which is not shared with Traefik.