Dear All,
Please accept my apology for asking this basic question. I’m trying to understand the building block of the docker container from seed-lab’s docker-compose.yml file. I’ve provided the file below-
The problem is after starting the containers I can access to open internet, and download packages from any container situated in the 10.9.0.0 block but am unable to connect/install anything from the 192.168.60.0 block (i.e., host-1). When I run ping 8.8.8.8 from host-1 it says - the network is unreachable. I’m using Ubuntu 20.04 pre-built version from seed-lab and running in virtual box. Your suggestion and help is much appreciated.
version: "3"
services:
user1:
image: handsonsecurity/seed-ubuntu:large
container_name:user-1
tty: true
cap_add:
- ALL
sysctls:
- net.ipv4.conf.all.accept_redirects=1
privileged: true
volumes:
- ./evfile:/evfile
networks:
net-10.9.0.0:
ipv4_address: 10.9.0.5
command: bash -c "
ip route add 192.168.60.0/24 via 10.9.0.11 &&
tail -f /dev/null
"
attacker:
image: handsonsecurity/seed-ubuntu:large
container_name: attacker-1
tty: true
cap_add:
- ALL
privileged: true
volumes:
- ./volumes:/volumes
networks:
net-10.9.0.0:
ipv4_address: 10.9.0.105
command: bash -c "
ip route add 192.168.60.0/24 via 10.9.0.11 &&
tail -f /dev/null
"
malicious-router:
image: handsonsecurity/seed-ubuntu:large
container_name: malicious-router-1
tty: true
cap_add:
- ALL
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.send_redirects=1
- net.ipv4.conf.default.send_redirects=1
- net.ipv4.conf.eth0.send_redirects=1
privileged: true
volumes:
- ./volumes:/volumes
networks:
net-10.9.0.0:
ipv4_address: 10.9.0.110
command: bash -c "
ip route add 192.168.60.0/24 via 10.9.0.11 &&
tail -f /dev/null
"
Router-2:
image: handsonsecurity/seed-ubuntu:large
container_name: router-2
tty: true
cap_add:
- ALL
sysctls:
- net.ipv4.ip_forward=1
networks:
net-10.9.0.0:
ipv4_address: 10.9.0.11
net-192.168.60.0:
ipv4_address: 192.168.60.11
command: bash -c "
ip route del default &&
ip route add default via 10.9.0.1 &&
tail -f /dev/null
"
host-1:
image: handsonsecurity/seed-ubuntu:large
container_name: host-1
tty: true
privileged: true
volumes:
- ./evcsfile:/evcsfile
cap_add:
- NET_ADMIN
sysctls:
- net.ipv4.conf.all.accept_redirects=1
networks:
net-192.168.60.0:
ipv4_address: 192.168.60.5
command: bash -c "
ip route del default &&
ip route add 10.9.0.0/24 via 192.168.60.11 &&
tail -f /dev/null
"
host-2:
image: handsonsecurity/seed-ubuntu:large
container_name: host-2
tty: true
privileged: true
volumes:
- ./evcsfile:/evcsfile
sysctls:
- net.ipv4.conf.all.accept_redirects=1
cap_add:
- ALL
networks:
net-192.168.60.0:
ipv4_address: 192.168.60.6
command: bash -c "
ip route del default &&
ip route add 10.9.0.0/24 via 192.168.60.11 &&
tail -f /dev/null
"
networks:
net-192.168.60.0:
name: net-192.168.60.0
ipam:
config:
- subnet: 192.168.60.0/24
net-10.9.0.0:
name: net-10.9.0.0
ipam:
config:
- subnet: 10.9.0.0/24