Binding docker to IP through custom bridge

I have a network that was created with the following:

docker network create \
-d bridge \
--ipam-driver="default" \
--subnet 172.99.0.0/16 \
--gateway 172.99.0.1 \
-o "com.docker.network.bridge.name"="test00" \
-o "com.docker.network.bridge.enable_ip_masquerade"="true" \
-o "com.docker.network.bridge.host_binding_ipv4"="0.0.0.0" \
-o "com.docker.network.driver.mtu"="1500" \
-o "com.docker.network.bridge.enable_icc"="true" \
-o "com.docker.network.bridge.default_bridge"="false" \
test_nw

I then launch a container with, for example, this:

docker run --network=test_nw -p="90.40.105.103:27000:27000/udp" f45923733e74

This mostly seems to work; however, the container is getting the host’s main IP address at 90.40.105.100 rather than 90.40.105.103.

Looking in the IPTables NAT table, it seems to be correctly set up:

49  2597 DNAT       udp  --  !test00 *       0.0.0.0/0            90.40.105.103        udp dpt:27000 to:172.99.0.2:27000

I’m unsure what’s going wrong here?

When you say the container is getting the host’s IP, do you mean that externally connecting to 90.40.105.100 on port 27000 accesses the container? That’s what -p=27000:27000/udp is supposed to do; it opens port 27000 (UDP) in the same way port forwarding does on a NAT-enabled router. If that’s not what you meant, please clarify and I’ll try to make a better guess.

Sorry, my bad.

Basically, I want to assign the container an IP (the host has multiple IPs). Right now even doing

-p="90.40.105.103:27000:27000/udp"

causes the container to bind on 90.40.105.100 (which is the host’s main IP) rather than 90.40.105.103. I need to make it so the container can ONLY bind on 90.40.105.103 and no other IPs the host has access to.

The container seems to be correctly binding to 172.99.0.2, but after DNAT (which looks correct to me if you look at the IPTables rule above), making the container curl a website that shows the external IP shows 90.40.105.100 and not 90.40.105.103.

I hope that clears things up.

Thanks!

So 90.40.105.100 and 90.40.105.103 are IPs on the host; 172.99.0.2 is the IP for the container, and the created network is set to bind the 172.99.0.0/16 subnet to… something. And you want that something to be 90.40.105.100, NOT 90.40.105.103.

Are the 100 and 103 IPs on the host connected to the same LAN? If you disable 103 on the host, does the curl of the website (work and) show the 100 IP? I read through the “docker network create” documentation for a bit and it doesn’t seem to provide any way to specify which NIC on the host is to be used for the network you’re creating. Your IPTables does seem to be set to specifically use the 103 IP, but maybe it needs an entry to specifically disallow the 100 IP for 172.99.0 subnet traffic?
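
Added example (not part of the thread and not Docker's own code): -p only creates the inbound DNAT rule quoted above, while outbound traffic from the bridge is source-NATed by a separate POSTROUTING MASQUERADE rule (enable_ip_masquerade=true), which uses the outgoing interface's primary address. The script checks which source-NAT rule the subnet hits first and builds an SNAT rule pinning egress to 90.40.105.103; the sample rule listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: nat POSTROUTING rules in `iptables -t nat -S POSTROUTING`
# form, as Docker typically writes them for the test_nw bridge on this page.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 172.99.0.0/16 ! -o test00 -j MASQUERADE
-A POSTROUTING -s 172.99.0.2/32 -d 172.99.0.2/32 -p udp -m udp --dport 27000 -j MASQUERADE'

# Build the SNAT rule that pins egress from SUBNET (leaving via any interface
# other than BRIDGE) to SRC_IP. Prefix with "iptables -t nat" to apply it.
snat_rule() {  # usage: snat_rule SUBNET BRIDGE SRC_IP
    printf '%s\n' "-I POSTROUTING -s $1 ! -o $2 -j SNAT --to-source $3"
}

# Simulate `iptables -I` (insert at the top) on a saved rule listing.
insert_first() {  # usage: insert_first "RULE" < rules
    printf '%s\n' "$1" | sed 's/^-I /-A /'
    cat
}

# Read POSTROUTING rules on stdin (top to bottom = evaluation order) and print
# the source-NAT action of the first general egress rule for SUBNET.
# Simplification: -s is matched by exact string, not CIDR containment.
egress_nat_for() {  # usage: egress_nat_for SUBNET < rules
    awk -v subnet="$1" '
    $1 == "-A" {
        src = ""; dst = ""; target = ""; to = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--to-source") to = $(i + 1)
        }
        # Skip other sources and Docker hairpin rules (those carry -d).
        if (src != subnet || dst != "") next
        if (target == "MASQUERADE") { print "MASQUERADE"; found = 1; exit }
        if (target == "SNAT") { print "SNAT " to; found = 1; exit }
    }
    END { if (!found) print "none" }'
}

before=$(printf '%s\n' "$SAMPLE_RULES" | egress_nat_for 172.99.0.0/16)
after=$(printf '%s\n' "$SAMPLE_RULES" \
    | insert_first "$(snat_rule 172.99.0.0/16 test00 90.40.105.103)" \
    | egress_nat_for 172.99.0.0/16)
echo "before: $before"
echo "after:  $after"
```

On a live host, feed `iptables -t nat -S POSTROUTING` into `egress_nat_for` instead of the sample. The SNAT rule has to sit above Docker's MASQUERADE rule to take effect, which is why it is inserted rather than appended.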