Docker Community Forums


How to set up a container just like a virtual machine in bridge mode? (meaning, the container gets its own external ip)

(Sam) #41

i made sure to turn off promiscuous mode on my on hardware linux… and the script above still works for me…

i modified my old app scripts to use this instead of pipework, and it works fine on some hosts and not others…(no different than the old pipework approach)

(Kbr0n) #42

I installed ubuntu directly on pc - still does not work
same problem, step 3 keeps sending discover and no response

I’ve been researching how to create a virtual eth interface on linux that would get its ip via dhcp to then connect the docker to it, maybe that would be easier but no luck with that either.

(Sam) #43

on your physical install on the physical network interface ??? do

    ip link set ???? promisc on

then try again, and

    ip link show

should show promiscuous mode on

    2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 1c:c1:de:50:8e:cb brd ff:ff:ff:ff:ff:ff

(Kbr0n) #44

tried again with promisc mode on, unfortunately, same issue on step 3.

(Kbr0n) #45

OMG! I did it! thank the Lord!

only tested in ubuntu directly installed on pc
gotta test more

but I found out a way to get the lease
thank you so much for all your help and attention
best regards

(Sam) #46

So, tell us what u did!

(Kbr0n) #47

ah ok, I thought no one would ask haha!

so, grab a drink, some snacks and enjoy the reading

01 | First, I create a macvlan interface on the host, call it “eth1”, and link it to “eth0”. The second line is optional, you can specify the mac for this new interface, if you don’t, a random one will be used. Bring eth1 up (3rd line)

    ip link add dev eth1 link eth0 type macvlan
    ip link set eth1 addr <mac address>
    ip link set eth1 up
    dhclient eth1 -v

and now the thing that changed the game - I run dhclient on the newly created interface and boom, it got a lease! same range as public ip from host, external, looking good. no docker so far, but hold on, we’re getting there. so, now if I run “ifconfig” I can see both eth0 and eth1 have ip addresses assigned to them, tho, I cannot use both simultaneously from the host, as a matter of fact, I could not use the newly received ip on eth1 from the host - but I was cool, that was not my goal anyway. the missing part was now found, I had a “LEASE!” {angelical choir plays} let’s move on.

02 | So, I took note of eth1 info (ip route, ifconfig):


03 | good, now, before continuing we gotta take eth1 down and change its mac, because our soon to be launched “Container of the Victory” will have these specs and we don’t neeeeed no more trouble, right?

    ifconfig eth1
    ip link set eth1 down
    ip link set eth1 addr <change to a different mac>

04 | Time to create the ‘Docker Network’ using the gathered info:

    docker network create -d macvlan \
       --subnet=<subnet from above> \
       --gateway=<gateway from above> \
       --ip-range=<compatible with eth1 ip> \
       -o parent=eth0 <docker network name>

05 | Finally, launch the container using:

    docker run  --net --mac-address --ip
       --net = <the docker network we just created>
       --mac-address = <mac from above>
       --ip = <ip from above>

    docker run --rm -it --name <container name> --net=<docker network name> --mac-address <mac from above> --ip=<ip from above> alpine:3.4 /bin/sh

Voilà! you got a container in true bridge mode! :sunglasses:

the process was tested and worked on:

- ubuntu 16.04 directly installed on machine
- windows 10 > virtual box > kali linux 
- windows 10 > vmware > debian
- windows 10 > vmware > kali

*all vms in bridge mode, did not test without promisc mode

then I did a bash script to automate the process and added the option to create multiple containers, each with its own ip, and another one to clean up the mess and remove everything once you’re done. good fun!

if you wish to create more than one container, repeat steps 1, 2, 3 and 5, but use eth2, eth3 etc
note that you may need to set the subnet mask to accommodate a larger range than the default one when creating multiple containers. Also, your isp needs to allow multiple ips, if you can run a vm in bridge mode, you’re probably good to go, but test to see what your limit is.
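
Steps 02 to 05 of the post above, as an added dry-run sketch (not the script Kbr0n mentions and not part of the original posts): it parses saved `ip` output for eth1 and prints the commands instead of running them. The sample addresses and MACs, the names `pubnet` and `web1`, and the /32 `--ip-range` are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run planner for steps 02-05. It prints commands, runs none.
# Constructed sample output of `ip -o -4 addr show dev eth1`,
# `ip -o link show dev eth1` and `ip route` (all values are made up).
SAMPLE_ADDR='3: eth1    inet 192.0.2.57/24 brd 192.0.2.255 scope global dynamic eth1\       valid_lft 86000sec preferred_lft 86000sec'
SAMPLE_LINK='3: eth1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:39 brd ff:ff:ff:ff:ff:ff'
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto dhcp metric 100'

# Step 02: pull the leased address/prefix, the lease MAC and the gateway.
lease_cidr() { printf '%s\n' "$1" | awk '$3 == "inet" { print $4; exit }'; }
lease_mac()  { printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "link/ether") { print $(i + 1); exit } }'; }
default_gw() { printf '%s\n' "$1" | awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'; }

# Network address for --subnet: clear the host bits of ADDRESS/PREFIX.
network_of() (
    addr=${1%/*}; len=${1#*/}
    IFS=.; set -- $addr
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    n=$(( n & (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$len"
)

# Steps 03-05: free the lease MAC on the host, then give MAC and IP to Docker.
# Arguments: addr output, link output, route output, spare MAC, network, container.
plan() (
    cidr=$(lease_cidr "$1"); mac=$(lease_mac "$2"); gw=$(default_gw "$3")
    if [ -z "$cidr" ] || [ -z "$mac" ] || [ -z "$gw" ]; then
        # e.g. dhclient never got past DISCOVER, so eth1 has no address
        echo "no lease, MAC or gateway found; nothing planned" >&2
        exit 1
    fi
    ip=${cidr%/*}
    echo "ip link set eth1 down"
    echo "ip link set eth1 addr $4"
    # Assumption of this example: the range is a /32 holding only the leased IP.
    echo "docker network create -d macvlan --subnet=$(network_of "$cidr") --gateway=$gw --ip-range=$ip/32 -o parent=eth0 $5"
    echo "docker run --rm -it --name $6 --net=$5 --mac-address $mac --ip=$ip alpine:3.4 /bin/sh"
)

plan "$SAMPLE_ADDR" "$SAMPLE_LINK" "$SAMPLE_ROUTE" 02:00:00:00:00:aa pubnet web1
```

On a real host, pass the live output of the three `ip` commands in place of the samples and review the printed lines before running them.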

(Sam) #48

Interesting but it sounds like you need a network / container right? Also you could use the little routine that I posted for creating the MAC address so you don’t have to change it

(Kbr0n) #49

> Interesting but it sounds like you need a network / container right?

what do you mean?

The changing mac thing can be avoided if you choose to delete eth1 instead of just taking it down. But, once I’m finished, I release the ip, so I need eth1 to be up again. So, it does not matter which mac I use, I need to change it before bringing the container up, got it?
