I have very simple use-case, but can’t figure out how to achieve desired result.
Sometimes I’m connecting to VPN and eventually noticed, that containers then works through tunnel too. Obviously, it’s because on host changes default gateway.
But how to preserve (force) default gateway for containers? I don’t want to change externally visible container IP.
My setup is very simple: host network is 192.168.0.1/24, gateway is 192.168.0.1 (default for D-Link router), and containers network just bridge:
I don’t know how to route SOME traffic locally…
it IS doable, as when I worked at home, i printed to my local Lan printer by IP address while connected to the corp VPN.
Yeah, it should be doable. What I’m looking for is how to specify default gateway for docker service instead of using system gateway.
I’m tried to force all traffic through router by
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -j MASQUERADE
But seems it does not work, and my knowledge of routing and iptables fairly poor.
Solved it by:
echo “200 docker” >> /etc/iproute2/rt_tables # create table
ip rule add from 192.168.1.0/24 table docker # assign network for it
ip route add default via 192.168.0.1 dev enp2s0 table docker # assign gateway for table
ip route flush cache
Now docker always go through 192.168.0.1 (LAN gateway).
great, thanks for the feedback