Allowing docker containers to communicate with the internet using a container as a gateway


(Saitejapakalapati) #1

Below is the configuration of my docker containers.

Networks:

nw1: This is a private network; containers in this network cannot access the internet (ping google.com doesn't work).

bridge: This is not a private network; it is the default network of a container, and containers in this network can access the internet (ping google.com works).

Containers:

vm1_nw1: This container is connected to nw1 (private network nw1).

vm2_nw1: This container is connected to nw1 (private network nw1).

ext_world_vm: This container is connected to both networks (nw1, bridge).

With the configuration below I was able to ssh from ext_world_vm to vm1_nw1 and vm2_nw1, i.e. the containers vm1_nw1 and vm2_nw1 can be accessed from the ext_world_vm container:

    #!/bin/bash
    # Build a base image with a user, networking tools and sshd, then commit it.
    docker run --privileged --name vm1 -itd ubuntu
    docker exec vm1 useradd -c "saiteja" -m saiteja
    # The pipe has to run inside the container; without sh -c, chpasswd would run on the host.
    docker exec vm1 sh -c 'echo "saiteja:saiteja" | chpasswd'
    docker exec vm1 apt-get update -y
    docker exec vm1 apt-get install net-tools -y
    docker exec vm1 apt-get install iproute2 -y
    docker exec vm1 apt-get install iputils-ping -y
    docker exec vm1 apt-get install curl -y
    docker exec vm1 apt-get install iptables -y
    docker exec vm1 apt-get install openssh-server -y
    docker exec vm1 apt-get install ssh -y
    docker exec vm1 service ssh restart
    docker commit vm1 vm_with_nw:latest
    # nw1 is an internal bridge: Docker gives it no route to the host or the internet.
    docker network create -d bridge nw1 --internal
    docker run --privileged --name vm1_nw1 -itd --network=nw1 vm_with_nw
    docker run --privileged --name vm2_nw1 -itd --network=nw1 vm_with_nw
    # ext_world_vm starts on the default bridge (eth0) and is then attached to nw1 (eth1).
    docker run --privileged --name ext_world_vm -itd vm_with_nw:latest
    docker network connect nw1 ext_world_vm
    docker exec ext_world_vm service ssh start
    docker exec ext_world_vm service ssh restart
    # Show the container details so the nw1 address of ext_world_vm can be read off.
    docker inspect ext_world_vm
    echo -n "enter ext_world_vm_ip:"
    read -r ext_world_vm_ip
    # Lock down vm1_nw1: only loopback, established flows and ext_world_vm may reach it.
    docker exec vm1_nw1 iptables -P FORWARD DROP
    docker exec vm1_nw1 iptables -A INPUT -m state --state INVALID -j DROP
    docker exec vm1_nw1 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    docker exec vm1_nw1 iptables -A INPUT -i lo -j ACCEPT
    docker exec vm1_nw1 iptables -A INPUT -s "${ext_world_vm_ip}" -j ACCEPT
    docker exec vm1_nw1 service ssh start
    docker exec vm1_nw1 service ssh restart
    docker exec vm1_nw1 iptables -P INPUT DROP
    # Same lockdown for vm2_nw1.
    docker exec vm2_nw1 iptables -P FORWARD DROP
    docker exec vm2_nw1 iptables -A INPUT -m state --state INVALID -j DROP
    docker exec vm2_nw1 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    docker exec vm2_nw1 iptables -A INPUT -i lo -j ACCEPT
    docker exec vm2_nw1 iptables -A INPUT -s "${ext_world_vm_ip}" -j ACCEPT
    docker exec vm2_nw1 service ssh start
    docker exec vm2_nw1 service ssh restart
    docker exec vm2_nw1 iptables -P INPUT DROP
    echo "done"

The following is my problem statement.

Now I want to configure these containers as follows.

1st configuration:
The containers vm1_nw1 and vm2_nw1 must be able to access the internet via ext_world_vm (i.e. ext_world_vm must act as a gateway for vm1_nw1 and vm2_nw1; ping google.com should work from vm1_nw1 and vm2_nw1).

The following is what I have tried, but the outcome was not successful:

ext_world_vm:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -j ACCEPT

vm1_nw1, vm2_nw1:

    route add default gw <ext_world_vm ip address> eth0

Please help me configure this so that the containers in the private network (vm1_nw1, vm2_nw1) can access the internet using the container in the bridge network (ext_world_vm, i.e. it should act as a gateway for vm1_nw1 and vm2_nw1).
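The script below is an added example and is not part of the original post. It sets up the gateway the post is asking for, with two changes to the attempted rules. First, the interface names are looked up rather than assumed: ext_world_vm was started on the default bridge and joined nw1 afterwards, so its internet side is eth0 and nw1 is eth1, the opposite of what `-o eth1 -j MASQUERADE` assumes; the script takes the internet side from the default route and the nw1 side from the address inside the nw1 subnet. Second, the MASQUERADE and FORWARD rules are restricted to traffic that originates from the nw1 subnet, with a DROP policy on FORWARD, so the gateway container does not relay anything else. The subnet `172.20.0.0/16`, the gateway address `172.20.0.4`, the sample `ip` output, the `APPLY` variable and the helper names are all assumptions made for this example; take the real values from `docker network inspect nw1`. The helpers are plain functions so they can be exercised on their own, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): turn ext_world_vm into a NAT
# gateway for the --internal network nw1, and point vm1_nw1/vm2_nw1 at it.
#
# Assumed values (hypothetical; adjust to `docker network inspect nw1`):
#   LAN_CIDR   subnet of nw1
#   GW_LAN_IP  ext_world_vm's address on nw1 (the clients' next hop)
LAN_CIDR=172.20.0.0/16
GW_LAN_IP=172.20.0.4

# Constructed sample of `ip -o -4 addr show` and `ip -o route show default`
# as they would look inside ext_world_vm, so the helpers can run offline.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
7: eth0    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
9: eth1    inet 172.20.0.4/16 brd 172.20.255.255 scope global eth1'
SAMPLE_ROUTE='default via 172.17.0.1 dev eth0'

# ip2int A.B.C.D: dotted-quad IPv4 address -> integer.
ip2int() {
    echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) | (b << 16) | (c << 8) | d )); }
}

# in_subnet IP CIDR: succeeds when IP lies inside CIDR.
in_subnet() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# iface_in_subnet ADDR_TEXT CIDR: first interface with an address inside CIDR.
iface_in_subnet() {
    printf '%s\n' "$1" | while read -r idx ifname fam addr rest; do
        [ -n "$addr" ] || continue
        if in_subnet "${addr%/*}" "$2"; then
            printf '%s\n' "$ifname"
            break
        fi
    done
}

# default_iface ROUTE_TEXT: interface carrying the default route (internet side).
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# gateway_rules WAN_IF LAN_IF LAN_CIDR: commands to run inside the gateway.
# Only traffic from the private subnet is NATed and forwarded; the FORWARD
# policy is DROP so nothing else transits the container.
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $3 -o $1 -j MASQUERADE
iptables -A FORWARD -i $2 -o $1 -s $3 -j ACCEPT
iptables -A FORWARD -i $1 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# client_rules GW_IP: command to run inside vm1_nw1 and vm2_nw1.
# `replace` works whether or not the container already has a default route.
client_rules() {
    echo "ip route replace default via $1"
}

# APPLY=gateway inside ext_world_vm, or APPLY=client inside a vm*_nw1 container
# (both need CAP_NET_ADMIN, which --privileged grants), runs the commands;
# otherwise they are only printed, derived from the constructed sample.
case "${APPLY:-}" in
    gateway)
        addrs=$(ip -o -4 addr show)
        gateway_rules "$(default_iface "$(ip -o route show default)")" \
                      "$(iface_in_subnet "$addrs" "$LAN_CIDR")" "$LAN_CIDR" | sh -e ;;
    client)
        client_rules "$GW_LAN_IP" | sh -e ;;
    *)
        gateway_rules "$(default_iface "$SAMPLE_ROUTE")" \
                      "$(iface_in_subnet "$SAMPLE_ADDRS" "$LAN_CIDR")" "$LAN_CIDR" ;;
esac
```

Copy the script into the containers (for example with `docker cp`) and run it as `APPLY=gateway sh gw.sh` in ext_world_vm and `APPLY=client sh gw.sh` in vm1_nw1 and vm2_nw1; `ping -c1 8.8.8.8` from a client then checks forwarding separately from DNS. One caveat to check on the host before blaming the container rules: for an `--internal` network Docker inserts DROP rules into its isolation chain (`DOCKER-ISOLATION-STAGE-1` on current releases) for packets entering the nw1 bridge whose destination is outside the nw1 subnet, and because Docker enables `net.bridge.bridge-nf-call-iptables`, those rules also see frames bridged between two containers on nw1. `sudo iptables -S DOCKER-ISOLATION-STAGE-1 | grep br-` shows whether they are present; if they are, a packet from vm1_nw1 to an internet address is dropped by the host before it reaches ext_world_vm, and the gateway setup additionally needs a host-side exception for intra-bridge traffic on nw1 (an ACCEPT for `-i br-<nw1 id> -o br-<nw1 id>` ahead of the DROP rule) or a network that is not `--internal`, with the containers' own INPUT rules providing the isolation as the posted script already does.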