Binding docker to IP through custom bridge

I have a network that was created with the following:

docker network create \
-d bridge \
--ipam-driver="default" \
--subnet \
--gateway \
-o ""="test00" \
-o ""="true" \
-o ""="" \
-o ""="1500" \
-o ""="true" \
-o ""="false" \

I then launch a container with for example this

docker run --network=test_nw -p=""  f45923733e74

This mostly seems to work, however the container is getting the hosts main IP address at rather than

Looking in IPTables NAT table, it seems to be correctly setup:

49  2597 DNAT       udp  --  !test00 *          udp dpt:27000 to:

I’m unsure what’s going wrong here?

When you say the container is getting the host’s IP, do you mean that externally connecting to on port 27000 accesses the container? That’s what -p=27000:27000/udp is supposed to do, it opens port 27000 (UDP) in the same way port forwarding does on a NAT-enabled router. If that’s not what you meant, please clarify and I’ll try to make a better guess. :slight_smile:

Sorry, my bad.

Basically, I want to assign the container an IP (the host has multiple IP’s). Right now even doing


Causes the container to bind on (which is the hosts main IP) rather than I need to make it so the container can ONLY bind on and no other IP’s the host has access to.

The container seems to be correctly binding to but after DNAT (which looks correct to me if you look at the IPTables rule above) making the container curl a website that shows the external IP, it’s showing and not

I hope that clears things up


So and are IPs on the host; is the IP for the container, and the created network is set to bind the subnet to… something. And you want that something to be, NOT

Are the 100 and 103 IPs on the host connected to the same LAN? If you disable 103 on the host, does the curl of the website (work and) show the 100 IP? I read through the “docker network create” documentation for a bit and it doesn’t seem to provide any way to specify which NIC on the host is to be used for the network you’re creating. Your IPTables does seem to be set to specifically use the 103 IP, but maybe it needs an entry to specifically disallow the 100 IP for 172.99.0 subnet traffic?