Publicly accessible IP in container (like bridge network in VirtualBox)

Hi,

I would like my container IP to be publicly accessible, is pipework (https://github.com/jpetazzo/pipework) the only option?

I basically want the same thing as setting the networking mode to “bridge” with VirtualBox. The VM gets a public IP that every machine on the network can access.

I do not want my container to share the same IP as my Docker host and take over ports on the host.

Thanks,
Long

2 Likes

Hello,

One approach you can take that doesn’t involve pipework would be to add a bunch of IPs to your host machine. When you publish a port, you can specify the IP address it binds to.

Say I have a Docker host, and it has the IP 198.51.100.10. If I do docker run -d -p 80:80 nginx, Docker will bind to 0.0.0.0:80, which means my nginx container is using port 80 on 127.0.0.1 and 198.51.100.10.

If I add another IP address to the host, 198.51.100.12, and do the same thing, then I’d be able to access nginx on all three addresses: 127.0.0.1, 198.51.100.10, and 198.51.100.12.

If I delete the old one and launch a new container, docker run -d -p 198.51.100.12:80:80 nginx, then my nginx is only using port 80 on that one IP address. Port 80 on 127.0.0.1 and on 198.51.100.10 are still both closed, and can be used by another process.

It’s not exactly what you are asking for, but it just might serve your use-case.

Cheers!

2 Likes
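Added example, not part of the thread and not Docker's own tooling: a small audit of published ports that separates wildcard bindings (what `-p 80:80` produces) from bindings pinned to one host address (what `-p 198.51.100.12:80:80` produces). The sample JSON and the container names `web-any` and `web-pinned` are constructed, shaped like the `NetworkSettings.Ports` field of `docker inspect`.

```python
import ipaddress
import json

# Constructed sample, shaped like `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web-any",
   "NetworkSettings": {"Ports": {"80/tcp": [
       {"HostIp": "0.0.0.0", "HostPort": "80"},
       {"HostIp": "::", "HostPort": "80"}]}}},
  {"Name": "/web-pinned",
   "NetworkSettings": {"Ports": {
       "80/tcp": [{"HostIp": "198.51.100.12", "HostPort": "80"}],
       "443/tcp": null}}}
]
""")

def classify(host_ip):
    """Return 'wildcard', 'loopback' or 'specific' for a published HostIp."""
    if host_ip == "":
        return "wildcard"  # assumption: an empty HostIp is treated as "all addresses"
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    if addr.is_loopback:
        return "loopback"
    return "specific"

def audit(inspect_data):
    """Return (container, container_port, host_ip, host_port, kind) tuples."""
    findings = []
    for container in inspect_data:
        name = container["Name"].lstrip("/")
        ports = (container.get("NetworkSettings") or {}).get("Ports") or {}
        for cport, bindings in sorted(ports.items()):
            for b in bindings or []:  # null means exposed but not published
                findings.append((name, cport, b["HostIp"], b["HostPort"],
                                 classify(b["HostIp"])))
    return findings

def wildcard_containers(inspect_data):
    """Names of containers reachable on every address the host owns."""
    return sorted({f[0] for f in audit(inspect_data) if f[4] == "wildcard"})

if __name__ == "__main__":
    for name, cport, ip, hport, kind in audit(SAMPLE_INSPECT):
        print(f"{name}: {cport} -> {ip or '*'}:{hport} [{kind}]")
```

To check a live host, load the JSON that `docker inspect` prints for the running containers in place of the sample.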

Thanks Jeff.

That is a very viable option.

I am currently experimenting with https://hub.docker.com/r/dreamcat4/pipework/, will report back if I succeed.

That solution seems more “integrated” and “automated”. I just specify an extra environment variable when starting a container and it should just work.

With your solution I have to manage getting and renewing the leases of all IPs myself. And outgoing connections from inside the container will probably still use the host IP as source IP and not its own IP.

Hi Jeff,

pipework did not work for me since I am on CentOS 6.5. See the issues I have at https://github.com/dreamcat4/docker-images/issues/13 and https://github.com/jpetazzo/pipework/issues/180.

So I have to fall back to your suggestion now.

How do I “add a bunch of IPs to your host machine” exactly? Do you mean requesting multiple DHCP IP addresses for my same network card (same MAC address)? How do I do that?

Thanks,
Long

Totally depends on your configuration. Most multiple-IP-address setups I’ve seen involve static IP addresses. Another approach might be to create a bridge and some virtual network adapters, each with their own MAC address. You could run one DHCP client per virtual interface. It’s messier than just adding multiple static IPs, but would get the job done.

Hi Long,

Have you found a way to make that happen? You can create a new network with the --driver bridge option and attach it to one of your network interfaces (e.g. eth1). Here’s an example:

# Delete the IP address from eth1
$ sudo ip addr del 192.168.33.10/24 dev eth1

# Create "shared_nw" with a bridge name "docker1"
$ sudo docker network create \
    --driver bridge \
    --subnet=192.168.33.0/24 \
    --gateway=192.168.33.10 \
    --opt "com.docker.network.bridge.name"="docker1" \
    shared_nw

# Add docker1 to eth1
$ sudo brctl addif docker1 eth1

After setting the bridge, you can run a container like this.

$ docker run --name container1 --net shared_nw --ip 192.168.33.11 -dt ubuntu
$ ping -c 3 192.168.33.11

I have a more detailed explanation on my github repo. Here’s the link if you’re interested.
https://github.com/kjtanaka/docker-example-shared-nw

Hi kjtanaka, could you provide more details please? Such as on which hosts these commands need to be run?

Where will the shared_nw and docker1 networks be available? I.e. to the host or the container?

My system doesn’t have the command brctl, could you please confirm what this is for?
Many thanks

Tanaka, your suggestion seems not to work. I tried to check the link to your detailed explanation; it is broken, and we cannot find the repository docker-example-shares-nw

Here’s the post about it I wrote at Qiita.com a while ago. I hope this will help.

Cool, but if your network uses DHCP (like everyone does), how do you keep the DHCP server from giving out the addresses you ‘made up’ to give to the containers… and how do you make this a generic (anyone can use it) solution?

pipework will work on a LOCAL machine (single Docker host), OR on a VMware VM (ONLY IF RUNNING in privileged mode, with promiscuous mode turned on)… you can’t get it to work on Amazon, or any other virtual hosting service, as they do not allow promiscuous mode…

Hi @programmerq, I like this approach - it works in my IPv4 test network. I’m wondering if it’s possible to do the same for IPv6 using Global Unique addresses?
(My ISP is IPv6 native, so it is not possible to expose any IPv4 ports.)