Docker Community Forums

Share and learn in the Docker community.

Using secondery IP for docker

Hi, Ime trying to get our company to start using docker and as the main IP for our production server is being used (its managed via virtualmin) I got us a second IP for docker stuff and am trying to work out how to get docker containers to use it.

A lot of googling has kind of helped but I think the dest thing to do is set the IP for the network so when I do

docker network create nginx-proxy

Can I specify which IP address for it to use? Looking at the docs I see --ip-range` but nothing to specify a specific IP. Can I just do something like

docker network create --ip-range=x.x.x.x nginx-proxy

The main IP address is enp7s0 and the secondary one is enp7s0:0, they are both bound to the same NIC.

Regards,
Ben

It is not possible to assign a host ip to container.
Though, for plain docker containers you can bind published ports to a host ip, if you use the port mapping like this -p host_ip:host_port:container_port, the same syntax can be used with docker-compose. For swarm service containers the option does not exist.

Ime not trying to assign it to a container, ime trying to get the whole of docker, or a docker network, to not use the primary IP. I have got a second IP for the server and I want ot use it for docker.

Please try the forum search with the keywords “mavclan” and “ipvlan” and check if this is what you want. .

I am not going to give any advice on those aproaches, as I believe they are unnecessary - I ran dozens of swarm environment in production and NEVER had to use either one of both. Published ports on containers in (docker) overlay or bridged networks are sufficient for most usecases.

Thanks, did a search on mavclan and got one hit, this thread. Anyway think I found a solution

iptables -t nat -I POSTROUTING -p all -s 172.17.0.0/16 -j SNAT --to-source 5.6.7.8

Does this seem sensible. As you say mavclan/ipvlan are unnecessary maybe the above is a good solution?

:blush: my bad, it should have been macvlan and not mavclan.

Someone else need to respond to the iptables rule. Never needed to modify for docker in the past 5 years.