Don't understand the networking

Good day,

I have been using Docker (with Portainer) for 2 months now, and still don't get the networking part.

At start Docker takes the full 172.17.x.x range for … I don't know what it wants to do with 65,534 IPs?
I am not able to (and don't want to) use that range for Docker since it is already in use in one of the VLANs.
So the first option was to use a host network, but strangely enough the container also gets a 172.17 IP.

So I found the solution: shift to macvlan. This looks nice, but it turns out it is networking like the '80s.
So I need to reserve a range inside my own subnet. Strange but acceptable. (Why is it ignoring DHCP?)
So in the container I need to manually fill in the network parts (domain name, IP and DNS).
After this it completely ignores the DNS servers and instead uses the 127.0.0.11 internal DNS for queries.
But it forgets to register its own name, so now I need to manually add the DNS entries (and remind myself to remove them later).

Can someone explain why networking is so difficult with Docker? All I want is simply a DHCP client, and no conflicting subnets.

Those are the defaults, if not specified otherwise.

You might like this blog post

After some googling I found out that the file /etc/docker/daemon.json doesn't exist and needs to be created manually.
I was able to change the subnet to a /24 range that I will never use / need.

So I guess I can use the "host" network next time and my container will have normal networking?

But I still don't understand why we need the strange extra NAT layer?
It can only give trouble that nobody needs. Also it is a really bad security practice to not know where data is coming from.
If you have more than 250 containers I bet you can fix your own network as well.

Also the NAT (which isn't a bridge, so stop calling it a bridge) can be an optional part, for people that have an external IP on a VPS.
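A worked version of the two fixes discussed in this thread (a non-conflicting address pool in daemon.json, and a macvlan network with a reserved slice of the LAN and a fixed container address), added here as an example; it is not code from the thread or from Docker. The values are assumptions for illustration: the VLAN that already uses 172.17.x.x is 172.17.50.0/24, the LAN is 192.168.1.0/24 behind eth0, 192.168.1.224/27 is kept out of the LAN's DHCP scope for containers, the pool is 10.200.0.0/16, and the container name, image, DNS server and search domain are made up. The overlap check is included so the chosen pool is verified against the existing VLAN before dockerd is restarted:

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: the VLAN that already
# uses 172.17.x.x is 172.17.50.0/24; the LAN is 192.168.1.0/24 via eth0 and
# 192.168.1.224/27 is excluded from the LAN's DHCP scope for containers.
VLAN_SUBNET="172.17.50.0/24"
DOCKER_POOL="10.200.0.0/16"                       # pool Docker may carve /24s from
DAEMON_JSON="${DAEMON_JSON:-/etc/docker/daemon.json}"

# ip4_to_int 192.168.1.50 -> 3232235826
ip4_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlap A/n B/m: succeeds when the two blocks share at least one address.
# Two blocks overlap exactly when the one with the shorter prefix contains the
# other's network address, so compare both under the shorter mask.
cidr_overlap() {
  a_ip=${1%/*}; a_len=${1#*/}
  b_ip=${2%/*}; b_len=${2#*/}
  if [ "$a_len" -le "$b_len" ]; then p=$a_len; else p=$b_len; fi
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ $(( $(ip4_to_int "$a_ip") & mask )) -eq $(( $(ip4_to_int "$b_ip") & mask )) ]
}

# Write daemon.json, refusing a pool that collides with the VLAN.
# "default-address-pools" is where every network created without --subnet
# (docker0 included, when "bip" is not set) gets its /24 from.
write_daemon_json() {
  if cidr_overlap "$DOCKER_POOL" "$VLAN_SUBNET"; then
    echo "refusing: $DOCKER_POOL overlaps $VLAN_SUBNET" >&2
    return 1
  fi
  mkdir -p "$(dirname "$DAEMON_JSON")"
  cat > "$DAEMON_JSON" <<EOF
{
  "default-address-pools": [
    { "base": "$DOCKER_POOL", "size": 24 }
  ]
}
EOF
}

# Create a macvlan network that only hands out addresses from the reserved
# slice, then start a container on a fixed address in it. Docker's own IPAM,
# not the LAN DHCP server, assigns macvlan addresses, which is why the slice
# must be kept out of the DHCP scope. --dns sets the upstream servers that the
# embedded 127.0.0.11 resolver forwards to; it adds nothing to the LAN's DNS zone.
setup_macvlan() {
  docker network create -d macvlan \
    --subnet 192.168.1.0/24 --gateway 192.168.1.1 \
    --ip-range 192.168.1.224/27 \
    -o parent=eth0 lan_macvlan
  docker run -d --name web --network lan_macvlan --ip 192.168.1.230 \
    --dns 192.168.1.1 --dns-search home.lan nginx:alpine   # assumed DNS/domain/image
}

# Nothing is changed unless APPLY=1 is set (and docker is installed).
if [ "${APPLY:-0}" = 1 ] && command -v docker >/dev/null 2>&1; then
  write_daemon_json && setup_macvlan
fi
```

Run it as root with `APPLY=1` to write the file and create the network; without `APPLY` it only defines the functions, so `cidr_overlap` can be tried against other pools first. dockerd has to be restarted after daemon.json changes, and existing networks keep the subnets they already have. One macvlan caveat worth knowing before choosing it: the host's own parent interface cannot talk to its macvlan children, so the Docker host itself will not reach 192.168.1.230 without an extra macvlan interface on the host.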