I’m on TrueNAS Fangtooth (25.04.2.4) using Docker version 27.5.0, build a187fa5. I’m trying to create a Docker network with:
docker network create --subnet=172.168.101.0/24 --gateway=172.168.101.1 --ipv6=false --opt="com.docker.network.bridge.inhibit_ipv4=true" --opt="com.docker.network.enable_ipv6=false" test
The intention is to create a network that uses a container (with static IP 172.168.101.1) as gateway for other containers connected to that network. I’ve searched on the internet and found some workarounds, but they involve changes to iptables/nftables rules that I want to avoid. Searching the documentation, I found the com.docker.network.bridge.inhibit_ipv4 option (here) that states:
The com.docker.network.bridge.inhibit_ipv4 option lets you create a network without the IPv4 gateway address being assigned to the bridge.
So I went this way, but when I try to create a container (a custom app in TrueNAS) with the static IP 172.168.101.1, it says that the IP address is already in use.
Changing the gateway IP to something else and leaving the container IP the same does not raise the error anymore. Inspecting the network shows that com.docker.network.bridge.inhibit_ipv4 is enabled, but it still does not behave as expected. So… am I missing something? Maybe I misunderstood that sentence, or is this option broken?
Hi rimelek and thank you for your reply. What I’m trying to achieve is a container that routes all connections from some other containers through a VPN. Using com.docker.network.bridge.inhibit_ipv4 I hoped Docker would set the default gateway for the network to that IP without assigning it, then configure it as a static IP on the gateway container. I have the feeling this wouldn’t work even if com.docker.network.bridge.inhibit_ipv4 worked as described, but I’m running out of ideas and wanted to try it anyway.
I know this is a fairly common topic and there are several solutions around, but the ones I found involve using iptables/nftables and/or docker compose files that include all the involved containers and:
Since I’m new to TrueNAS, I’d like, at least initially, to avoid making changes that affect the OS (and, as a fact, in a few weeks I won’t have memory of them anymore)
Since several containers would need to use the gateway, I want them to be in separate docker compose files (ideally not even touch their compose file and let them be regular apps from the TrueNAS store), so I can start/stop them individually and see them as separate apps on TrueNAS.