Hetzner Networking Subnets

Hi,

I would like to create a network which gives containers their own IP from my subnet. The IP is routed through the main IP for my server.

Currently I created a bridge with the subnet, using one of the IPs in the subnet as the gateway. This works and containers are able to connect to the internet, traffic is routed into the container correctly. However, although traffic is routed IN to the container correctly, traffic coming out appears to come from the host.

Example:

Host IP: 88.99.11.22
Container IP: 88.99.123.22

An HTTP GET request to 88.99.123.22 will work; it will be routed into the container, and if the container is running a web server, the page is returned.

However, if a container makes a POST request, then the receiving server sees the request as if it came from 88.99.11.22.

This has not been an issue for a while. However, I just set up a mail server inside of Docker and set up the reverse DNS for 88.99.123.22 to point to mail.mydomain.com. When emails are sent, the reverse DNS lookup fails because, as far as the receiving mail servers are concerned, the mail was sent from 88.99.11.22.

Out of curiosity I wiped the server, installed Windows and followed the Hyper-V guide from Hetzner (my server host) to make sure that VMs do actually get their own IP; this was the case. When I was using Hyper-V and went to some site like whatsmyip.com, it would return 88.99.123.22, which is correct.

This is how the host advises me to set up Hyper-V: https://docs.hetzner.com/robot/dedicated-server/windows-server/windows-server-subnet

How can I replicate this in Docker so that each container has its own IP and accesses the web from that IP?

Thank you

I have been trying to do this for weeks and have gotten nowhere.


What I think I need to do is to create a virtual interface with a DHCP server running, then have Docker connect using network=host to that interface, but I'm not sure how to specify to Docker what interface to use as host.

Having similar issues, I would need some replicated services/containers in a swarm to get dedicated IP addresses assigned for outgoing traffic initiated by these containers… I am already beginning to study some networking basics and even iptables, route configuration etc. (I am no expert in networking, and I begin to think I am just wasting my time and should look into other solutions.)

What I found until now was the below link; however, this will probably prevent me from automated provisioning of the services, e.g. using Compose…

https://medium.com/@havloujian.joachim/advanced-docker-networking-outgoing-ip-921fc3090b09

https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/

And before this, to actually have macvlan working with replicas, I found these instructions (sorry, I do not remember where):

Create a docker network configuration on each Docker node that should host a service using macvlan. This configuration will be referenced by the macvlan to be created later on:

sudo docker network create --config-only --subnet 192.168.178.0/24 --gateway 192.168.178.1 -o parent=enp0s5.10 --ip-range 192.168.178.224/28 --aux-address 'host=192.168.178.239' confignet

Create a macvlan with swarm scope that goes by the name of "swarm-macvlan":

sudo docker network create -d macvlan --scope swarm --config-from confignet swarm-macvlan

Create a service for testing this config:

sudo docker service create --name macvlantest --network swarm-macvlan --replicas 3 -p 8080:80/tcp praqma/network-multitool

I begin to think that I am not getting this to work because of my VMs' network config (I am running Parallels Desktop on the Mac with three Docker nodes on Ubuntu). Hope someone can help to get this sorted, any hints welcome…

Hi, I figured it out.

It is super simple

Create the network normally but also include the -o "com.docker.network.bridge.enable_ip_masquerade"="false" option. Make sure IPv4 forwarding is enabled in your host OS too.

Then create your docker container normally with --net= and --ip=

Sample:

  1. Create network

docker network create \
  --driver=bridge \
  -o "com.docker.network.bridge.enable_ip_masquerade"="false" \
  --subnet=abc.abc.242.0/28 \
  --gateway=abc.abc.242.1 \
  bignet

  2. Create container

docker run -it --net=bignet --ip=abc.abc.242.2 ubuntu /bin/bash

Replace the subnet and gateway with your subnet / gateway. Your gateway is the first IP in the subnet. For example, on a 192.168.1.1/28 the gateway is 192.168.1.2. Then you can use every address after it, 192.168.1.3 - x.
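
A way to check the result of the setup described in the post above, as an added example that is not part of the thread: it reads `iptables-save -t nat` output and reports whether outbound traffic from a container subnet is still source-NATed to the host address, the symptom the original question describes. The subnet 203.0.113.0/28, the sample rules and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does source NAT still apply to a container subnet?

# Constructed `iptables-save -t nat` excerpt: docker0 keeps Docker's default
# masquerade rule; the routed bridge (assumed 203.0.113.0/28) has none.
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT'

# nat_rules_for SUBNET: read iptables-save text on stdin and print POSTROUTING
# MASQUERADE/SNAT rules that name SUBNET as source or have no source selector
# (a catch-all such as "-o eth0 -j MASQUERADE" rewrites container traffic too).
# Exact string match only; overlapping CIDRs are not computed.
nat_rules_for() {
  awk -v net="$1" '
    $1 == "-A" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
      src = ""
      for (i = 3; i < NF; i++) if ($i == "-s") src = $(i + 1)
      if (src == net || src == "") print
    }'
}

# check_egress SUBNET IP_FORWARD: rules on stdin.
# Returns 0 = routed without NAT, 1 = source NAT applies, 2 = forwarding off.
check_egress() {
  subnet=$1
  forward=$2
  rules=$(cat)
  if [ "$forward" != "1" ]; then
    echo "FAIL: net.ipv4.ip_forward=$forward, the host will not route $subnet"
    return 2
  fi
  hits=$(printf '%s\n' "$rules" | nat_rules_for "$subnet")
  if [ -n "$hits" ]; then
    printf 'FAIL: outbound traffic from %s is rewritten by:\n%s\n' "$subnet" "$hits"
    return 1
  fi
  echo "OK: $subnet leaves the host with the containers' own addresses"
}

# Demo on the constructed sample; on a live host use instead:
#   iptables-save -t nat | check_egress <subnet> "$(sysctl -n net.ipv4.ip_forward)"
printf '%s\n' "$SAMPLE_NAT" | check_egress 203.0.113.0/28 1 || true
printf '%s\n' "$SAMPLE_NAT" | check_egress 172.17.0.0/16 1 || true
```

A return value of 1 for the routed subnet means some rule other than the bridge's own is still rewriting the source address, which would reproduce the reverse-DNS mismatch for outgoing mail.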