Question about Docker network?

Hi

I was wondering if someone could shed some light on the issue I'm having.

Currently I have my VM working with various Docker containers with no issue, but in that virtual machine I have a Samba container which uses ports like 88 for Kerberos and 53 for DNS, and it's working fine.

The question is: to avoid creating another VM (because I cannot have the same ports working on the same network card), would it be possible to add another physical NIC, bind it to the Docker container, and add another container with ports 88 and 53 on the second NIC?

Something like this?


Thank you

When you publish a container port to a host, by default (when -p host-port:container-port is used) it will bind to 0.0.0.0. It is possible to specify the IP to bind to: -p existing-host-ip:host-port:container-port (note: this feature is not supported on swarm service deployments).

Furthermore, you could leverage a macvlan network to have IPs from the host LAN. macvlan has been discussed plenty of times in the forum, and there are plenty of blog posts covering the topic.
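As an added example for the point above (this is not code from the thread or from Docker), the Python below parses Docker's short port syntax, [host_ip:][host_port:]container_port[/protocol], and reports every publication that lacks a host IP or uses 0.0.0.0 / ::, because those are bound on every interface of the host, so on a two-NIC host the service answers on both NICs. The sample port lists are constructed: the 8085:80 and 8086:80 entries mirror the compose file posted later in the thread, while the dc2 entries that pin 88 and 53 to 192.168.7.111 are hypothetical.

```python
"""Audit Docker port publications for wildcard host binds.

Added example for this thread; not code from the thread or from Docker.
Docker's short port syntax is [host_ip:][host_port:]container_port[/protocol].
When host_ip is omitted (or is 0.0.0.0 / ::) the port is published on every
interface of the host, so on a two-NIC host the service answers on both NICs.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class PortSpec:
    host_ip: Optional[str]       # None means "all interfaces"
    host_port: Optional[str]     # None means "let Docker pick an ephemeral port"
    container_port: str
    protocol: str

    @property
    def is_wildcard(self) -> bool:
        """True when the publication is reachable on every host interface."""
        return self.host_ip is None or ip_address(self.host_ip).is_unspecified


def parse_port_spec(spec: str) -> PortSpec:
    """Parse one short-syntax entry such as "8085:80" or "192.168.7.111:88:88/udp"."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"
    host_ip: Optional[str] = None

    if body.startswith("["):                 # bracketed IPv6 literal: [::1]:80:80
        end = body.index("]")
        host_ip = body[1:end]
        rest = body[end + 1:].lstrip(":").split(":")
    else:
        rest = body.split(":")
        if len(rest) == 3:                   # ip:host_port:container_port
            host_ip, rest = rest[0], rest[1:]

    if len(rest) == 1:                       # container_port only
        host_port, container_port = None, rest[0]
    elif len(rest) == 2:                     # host_port:container_port (host_port may be empty)
        host_port, container_port = (rest[0] or None), rest[1]
    else:
        raise ValueError(f"unparseable port spec: {spec!r}")

    if not container_port:
        raise ValueError(f"missing container port in {spec!r}")
    if host_ip is not None:
        ip_address(host_ip)                  # raises ValueError if it is not an IP literal
    return PortSpec(host_ip, host_port, container_port, proto)


def audit_ports(service_ports: dict[str, list[str]]) -> list[str]:
    """Return one finding per port that is published on all host interfaces."""
    findings = []
    for service, specs in service_ports.items():
        for spec in specs:
            p = parse_port_spec(spec)
            if p.is_wildcard:
                findings.append(
                    f"{service}: {spec} exposes container port "
                    f"{p.container_port}/{p.protocol} on all host interfaces"
                )
    return findings


# Constructed sample: the phpmyadmin/wordpress entries mirror the compose file in
# the thread; the dc2 entries are hypothetical and pin the AD ports to one NIC address.
SAMPLE_PORTS = {
    "phpmyadmin3": ["8085:80"],
    "wordpress3": ["8086:80"],
    "dc2": ["192.168.7.111:88:88", "192.168.7.111:53:53/udp", "192.168.7.111:53:53"],
}

if __name__ == "__main__":
    for line in audit_ports(SAMPLE_PORTS):
        print(line)
```

Run against the constructed sample it reports the two wordpress/phpmyadmin publications and stays silent on the dc2 entries, which is the shape a two-NIC setup should have: anything that must live on only one NIC carries that NIC's address in its port mapping.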

Thanks for the reply. So I was reading a bit on macvlan and ipvlan, and from this blog: MacVLAN vs IPvlan: Understand the difference - IP With Ease

In these examples it's using the same eth0, while in my example I have two physical NICs.

I tried the following to create the network:


docker network create --driver bridge --subnet=10.10.0.0/16 --gateway=10.10.0.1 --attachable --opt com.docker.network.bridge.name=br1 --opt com.docker.network.bridge.interface=ens19 my_network

Then I checked the networks:

brctl show
bridge name	bridge id		STP enabled	interfaces
br-522110d958b1		8000.02421cca33f7	no		veth2799371
							veth65bd2f5
							veth810f056
br-cdf878e0c41e		8000.024226ab1d40	no		
br-f420e4a6a522		8000.0242920601a9	no		veth3aefb4d
							veth713f76c
							vethcba144e
br1		8000.0242d3e21cd1	no		vethd877dfe
docker0		8000.02425a51970f	no		veth8a70b5d

But after that I'm not sure how I can incorporate it in a Docker Compose file. I have something like this as an example:


version: '3.9'

services:
  # Database
  db3:
    image: mysql:8.0
    volumes:
      - /wordpress3/db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: mypass
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: mypass
    networks:
      - my_network
  # phpmyadmin
  phpmyadmin3:
    depends_on:
      - db3
    image: phpmyadmin/phpmyadmin
    restart: always
    ports:
     - "8085:80"
    environment:
      PMA_HOST: db3
      MYSQL_ROOT_PASSWORD: mypass
    networks:
      - my_network
  # Wordpress
  wordpress3:
    depends_on:
      - db3
    image: wordpress:latest
    ports:
     - "8086:80"
    restart: always
    volumes:
      - /wordpress3/html:/var/www/html
    environment:
      WORDPRESS_DB_HOST: db3:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: mypass
    networks:
      - my_network

networks:
 my_network:
   name: my_network
   driver: bridge
   driver_opts:
      com.docker.network.bridge.name: my_network
volumes:
  db_data:
  html:

Thank you

Did I understand correctly that you checked macvlan and ipvlan and concluded not to use them?

Instead, you manually created a network using the CLI, but don’t know how to use it in the compose file?

If this is the case, then adding external: true will allow you to use the manually created network:

networks:
 my_network:
   name: my_network
   external: true

see: https://docs.docker.com/compose/compose-file/06-networks/#external

In cases where it’s unclear how to achieve something in compose, it usually helps a great deal to take a look in the compose file specifications:

Thank you so much for the reply. So I went with the macvlan approach; I did the following.

On my Linux host, which has the second NIC, I ran:

ip addr show ens19


    ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 72:86:71:fd:70:6a brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.111/24 brd 192.168.7.255 scope global ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::7086:71ff:fefd:706a/64 scope link
       valid_lft forever preferred_lft forever

Because I need my AD container to have the IP 7.111, I created the network:


docker network create -d macvlan \
--subnet=192.168.7.0/24 \
--gateway=192.168.7.254  \
-o parent=ens19 docker_macvlan

Then I created the Docker Compose file:

version: "3.1"

services:
  dc2:
    image: samba:ubuntu
    restart: unless-stopped
    build:
      context: .
      dockerfile: dockerfiles/ubuntu
      args:
        SMB_VERSION: "${SMB_VERSION:-latest}"
    container_name: dc2
    hostname: DC2
    privileged: true
    environment:
      REALM: DGS2.NET
      DOMAIN: DGS2
      ADMIN_PASS: Passw0rd
      DNS_FORWARDER: 8.8.8.8
    networks:
      docker_macvlan:
        ipv4_address: 192.168.7.111
    volumes:
      - dc2-local-samba:/usr/local/samba

networks:
 docker_macvlan:
   name: docker_macvlan
   ipam:
      driver: macvlan
      config:
        - subnet: 192.168.7.0/24

volumes:
  dc2-local-samba:

Now it shows correctly.

But when I try to connect to the domain, it seems that it cannot find it.

I know it's working, because if I try to connect to the first domain controller, it works with no issue.

You either create your network by using docker network create and refer to it in your compose file as external: true, or you declare the network completely in the compose file without external: true.

For macvlan networks, it is important that the network does not have a DHCP server; otherwise you need to specify --ip-range with a CIDR range within the subnet that is not handled by DHCP.

Even though this seems to be not a problem for you yet, it is still good to know: security features of the Linux kernel prevent direct communication between the macvlan parent interface (=host interface) and the macvlan child interfaces (=container interfaces). Hosts in the subnet, or hosts routed from other subnets, can access the macvlan child interfaces.
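Added example (not code from the thread or from Docker): a Python check of a macvlan address plan against the constraints this reply states. The gateway and any --ip-range must lie inside the subnet, --ip-range and static addresses must stay clear of any DHCP pool on the segment, and, because a macvlan child interface is a separate host on the parent NIC's segment, no container address may duplicate the address the parent interface already holds or another container's address. The first plan reuses the values shown earlier in the thread (ens19 holding 192.168.7.111/24 and dc2 pinned to 192.168.7.111), so the check reports that overlap; the second plan, with a constructed DHCP pool and ip-range, comes back clean.

```python
"""Consistency checks for a Docker macvlan address plan.

Added example for this thread; not code from the thread or from Docker.
A macvlan child interface is another host on the parent NIC's L2 segment, so
its address has to be inside the subnet, outside any DHCP pool on that
segment, and different from the address the parent interface already holds.
"""
from __future__ import annotations

from ipaddress import ip_address, ip_network
from typing import Optional


def check_macvlan_plan(
    subnet: str,
    gateway: str,
    container_ips: dict[str, str],
    parent_ip: Optional[str] = None,
    ip_range: Optional[str] = None,
    dhcp_pool: Optional[tuple[str, str]] = None,
) -> list[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    net = ip_network(subnet, strict=True)
    gw = ip_address(gateway)
    problems: list[str] = []

    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")

    rng = None
    if ip_range:                                   # --ip-range: Docker's auto-allocation pool
        rng = ip_network(ip_range, strict=True)
        if not rng.subnet_of(net):
            problems.append(f"ip-range {rng} is not inside {net}")

    pool = None
    if dhcp_pool:                                  # inclusive first/last address handed out by DHCP
        pool = (ip_address(dhcp_pool[0]), ip_address(dhcp_pool[1]))
        if rng is not None and rng.network_address <= pool[1] and rng.broadcast_address >= pool[0]:
            problems.append(f"ip-range {rng} overlaps the DHCP pool {pool[0]}-{pool[1]}")

    parent = ip_address(parent_ip) if parent_ip else None
    seen: dict = {}
    for name, raw in container_ips.items():
        ip = ip_address(raw)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
            continue
        if ip == gw:
            problems.append(f"{name}: {ip} is the gateway address")
        if parent is not None and ip == parent:
            problems.append(f"{name}: {ip} duplicates the parent interface address")
        if pool is not None and pool[0] <= ip <= pool[1]:
            problems.append(f"{name}: {ip} lies inside the DHCP pool")
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen[ip] = name
    return problems


# Plan 1: the values shown in the thread (host ens19 = 192.168.7.111/24,
# gateway .254, container dc2 pinned to .111).
PLAN_FROM_THREAD = dict(
    subnet="192.168.7.0/24",
    gateway="192.168.7.254",
    container_ips={"dc2": "192.168.7.111"},
    parent_ip="192.168.7.111",
)

# Plan 2: constructed. DHCP pool and ip-range are assumptions for illustration;
# the container gets an address out of the ip-range, away from the host and DHCP.
CLEAN_PLAN = dict(
    subnet="192.168.7.0/24",
    gateway="192.168.7.254",
    container_ips={"dc2": "192.168.7.211"},
    parent_ip="192.168.7.111",
    ip_range="192.168.7.192/27",
    dhcp_pool=("192.168.7.100", "192.168.7.150"),
)

if __name__ == "__main__":
    for label, plan in (("thread", PLAN_FROM_THREAD), ("clean", CLEAN_PLAN)):
        print(label, check_macvlan_plan(**plan) or "ok")
```

The checks only cover addressing. The host-to-container isolation the reply describes is a separate property of macvlan and is not something an address plan can fix; what this script does catch is a container that claims the same address the parent NIC already answers for, which is worth ruling out whenever a macvlan container is unreachable from the LAN.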

Thank you so much for the reply. Would it be something like this?

version: "3.1"

services:
  dc2:
    image: samba:ubuntu
    restart: unless-stopped
    build:
      context: .
      dockerfile: dockerfiles/ubuntu
      args:
        SMB_VERSION: "${SMB_VERSION:-latest}"
    container_name: dc2
    hostname: DC2
    privileged: true
    environment:
      REALM: DGS2.NET
      DOMAIN: DGS2
      ADMIN_PASS: Passw0rd
      DNS_FORWARDER: 8.8.8.8
    networks:
      docker_macvlan:
        ipv4_address: 192.168.7.111
    volumes:
      - dc2-local-samba:/usr/local/samba

networks:
 docker_macvlan:
   name: docker_macvlan
   external: true
   ipam:
      driver: macvlan
      config:
        - subnet: 192.168.7.0/24

volumes:
  dc2-local-samba:

Uhm, very much like the complete example I shared in an earlier post:

Of course you need to modify the example to use your network name inside the compose file and the name it has externally, like you did in your last post.

Note: networks (and volumes) are immutable objects - even if they are managed in a compose file, changes will not be applied to them. Once they are removed (docker network rm, docker volume rm), they can be re-created by compose with the current configuration.

Thanks for the reply.

So I tried this compose file, but the PC still can't seem to find the AD:


version: "3.1"

services:
  dc2:
    image: samba:ubuntu
    restart: unless-stopped
    build:
      context: .
      dockerfile: dockerfiles/ubuntu
      args:
        SMB_VERSION: "${SMB_VERSION:-latest}"
    container_name: dc2
    hostname: DC2
    privileged: true
    environment:
      REALM: DGS2.NET
      DOMAIN: DGS2
      ADMIN_PASS: Passw0rd
      DNS_FORWARDER: 8.8.8.8
    networks:
      docker_macvlan:
        ipv4_address: 192.168.7.111
    volumes:
      - dc2-local-samba:/usr/local/samba

networks:
 docker_macvlan:
   name: docker_macvlan
   external: true

volumes:
  dc2-local-samba:

Thank you