I have a network that was created with the following:
docker network create \
-d bridge \
--subnet 18.104.22.168/16 \
--gateway 22.214.171.124 \
-o "com.docker.network.bridge.name"="test00" \
-o "com.docker.network.bridge.enable_ip_masquerade"="true" \
-o "com.docker.network.bridge.host_binding_ipv4"="0.0.0.0" \
-o "com.docker.network.driver.mtu"="1500" \
-o "com.docker.network.bridge.enable_icc"="true" \
-o "com.docker.network.bridge.default_bridge"="false" \
test_nw
I then launch a container with, for example, this:
docker run --network=test_nw -p="126.96.36.199:27000:27000/udp" f45923733e74
This mostly seems to work; however, the container is getting the host's main IP address at 188.8.131.52 rather than 184.108.40.206.
Looking in the IPTables NAT table, it seems to be correctly set up:
49 2597 DNAT udp -- !test00 * 0.0.0.0/0 220.127.116.11 udp dpt:27000 to:18.104.22.168:27000
I’m unsure what’s going wrong here?
When you say the container is getting the host’s IP, do you mean that externally connecting to 22.214.171.124 on port 27000 accesses the container? That’s what -p=27000:27000/udp is supposed to do; it opens port 27000 (UDP) in the same way port forwarding does on a NAT-enabled router. If that’s not what you meant, please clarify and I’ll try to make a better guess.
Sorry, my bad.
Basically, I want to assign the container an IP (the host has multiple IPs). Right now even doing
Causes the container to bind on 126.96.36.199 (which is the host's main IP) rather than 188.8.131.52. I need to make it so the container can ONLY bind on 184.108.40.206 and no other IPs the host has access to.
The container seems to be correctly binding to 220.127.116.11, but after DNAT (which looks correct to me if you look at the IPTables rule above), making the container curl a website that shows the external IP, it’s showing 18.104.22.168 and not 22.214.171.124.
I hope that clears things up.
So 126.96.36.199 and 188.8.131.52 are IPs on the host; 184.108.40.206 is the IP for the container, and the created network is set to bind the 220.127.116.11/16 subnet to… something. And you want that something to be 18.104.22.168, NOT 22.214.171.124.
Are the 100 and 103 IPs on the host connected to the same LAN? If you disable 103 on the host, does the curl of the website (work and) show the 100 IP? I read through the “docker network create” documentation for a bit and it doesn’t seem to provide any way to specify which NIC on the host is to be used for the network you’re creating. Your IPTables does seem to be set to specifically use the 103 IP, but maybe it needs an entry to specifically disallow the 100 IP for 172.99.0 subnet traffic?
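On the question of which host address the container's outbound traffic leaves with, here is an added example (not part of the thread and not Docker's own code). The DNAT rule quoted above only rewrites inbound packets; the source address of outbound packets is set by the first matching POSTROUTING rule, and MASQUERADE uses the primary address of the egress interface. The subnet 172.99.0.0/16 and bridge test00 follow the thread; the 203.0.113.x host addresses and the container address are constructed placeholders.

```sh
#!/bin/sh
# Added example. Reads `iptables -t nat -S` output on stdin and reports which
# rule decides the source address for traffic leaving a bridge subnet.
# On a host: iptables -t nat -S | egress_source 172.99.0.0/16 test00

egress_source() {
    awk -v subnet="$1" -v bridge="$2" '
        # Only POSTROUTING rules rewrite the source of outbound packets.
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            src = ""; out = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-source") to = $(i + 1)
            }
            # Match rules for this subnet leaving by any interface except the bridge.
            if (src != subnet || out != ("!" bridge)) next
            # SNAT and MASQUERADE are terminating targets: the first match wins.
            if (target == "SNAT") { print "SNAT " to; found = 1; exit }
            if (target == "MASQUERADE") {
                print "MASQUERADE primary-address-of-egress-interface"
                found = 1; exit
            }
        }
        END { if (!found) print "none" }
    '
}

# Constructed sample: the rules present with enable_ip_masquerade=true and one
# published UDP port (203.0.113.103 and 172.99.0.2 are placeholders).
docker_default_rules() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 172.99.0.0/16 ! -o test00 -j MASQUERADE
-A DOCKER -d 203.0.113.103/32 ! -i test00 -p udp -m udp --dport 27000 -j DNAT --to-destination 172.99.0.2:27000
EOF
}

# Constructed sample: the same table after an admin pins the source address with
#   iptables -t nat -I POSTROUTING -s 172.99.0.0/16 ! -o test00 -j SNAT --to-source 203.0.113.103
pinned_rules() {
    echo '-A POSTROUTING -s 172.99.0.0/16 ! -o test00 -j SNAT --to-source 203.0.113.103'
    docker_default_rules
}
```

With the default rules the function reports MASQUERADE, which matches the symptom in the thread; with the SNAT rule inserted ahead of it, the pinned address is reported instead.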