Questions tagged as ['docker-networking']
Hi, I am trying to run ebtables within docker; however, none of the ebtables rules are being hit.
For example, note that the counters are not increased even though ARP is sent and succeeds:
[root@injector /]# ebtables -A OUTPUT -p ARP -j ACCEPT
[root@injector /]# ebtables -Lc --Lc --Lx
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
...
I am running several services in docker containers for my homelab, and I need them to be accessible from their own distinct IPs. My host system is running Debian "bullseye".
From the docker documentation, it seems natural to use a macvlan network in bridge mode, and the default way is working correctly for me.
However, I try to use a minimum of manual IPs in my network, and instead try to have my ...

I'm trying to run redis in a docker container on AmazonLinux, and I can't for the life of me get it to forward the port. It starts as it should and appears to be working, but there is no process listening on 6379 on the host box, as one would expect. What should I do?
Here is uname -a:
Linux <host name omitted>.internal 5.4.176-91.338.amzn2.x86_64 #1 SMP <start time omitted> x86_64 x86_ ...
I am trying to start an OpenVPN server for accessing resources on a VPC network.
I have two network interfaces, public eth0 and VPC eth1, and an OpenVPN server running in a docker container. But I want to use this VPN only to access resources over the eth1 interface, and make it impossible to access the internet over that VPN. So I want to map the OpenVPN inbound port 1194/udp to eth0 in order to access the VPN server. And ...
...after having followed a bunch of tutorials, e.g.
I started the grafana container with:
docker run -d -p 3000:3000 --add-host=host.docker.internal:host-gateway --name grafana grafana/grafana-oss
But when I try to reach the prometheus instance from the grafana container it doesn't wo ...

I'm having a peculiar issue. When I make requests running my script on my local machine and go through the (paid and authenticated) proxy, it runs just fine. However, when I containerize the application and attempt to run again, I get the following error:
File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 513, in send
raise ProxyError(e, request=request)
requests.exception ...
I have a Portainer VM with 3 interfaces attached (eth0-eth2). I would like the containers to request an IP from the DHCP server that is located on each interface at x.x.x.1.
Let's take eth0 as an example:
The subnet of this interface is 172.16.0/27 and I would like my containers to get an IP in the range 172.16.0.17-30. Under Portainer networks, I added another network with the following settings:
- Na ...
I want to install NextCloud (https://hub.docker.com/_/nextcloud) via docker-compose.
After analyzing the docker-compose structure, I see that this image is composed of two services (app and db).
Currently, on a server, I have all docker-based services running in a macvlan network so that they are visible to the rest of the devices in the network.
How can I tweak the NextCloud docker-compose file in ord ...
I have a bind9 DNS container running on 10.64.128.53, which is on the docker network "servers" on the subnet 10.64.128.0/24. This works fine, and if I run:
nslookup google.com 10.64.128.53
I get the output:
Server: 10.64.128.53
Address: 10.64.128.53#53
Non-authoritative answer:
Name: google.com
Address: 216.58.193.142
When I run the same command in a docker container: docker ru ...
How can I add a network interface (either a physical one like eth0 or a virtual one like tap) to the Docker Overlay network overlaynet? So that my interface becomes part of the layer 2 network with the other containers in that Overlay network?
When I used to deploy applications on a single Docker host, I just used to do the following to add a network interface to a Docker bridge network:
ip link set $my_network_inte ...

I followed the answers here and changed the daemon.json to:
{
  "bip": "10.200.0.1/24",
  "default-address-pools": [
    { "base": "10.201.0.0/16", "size": 24 },
    { "base": "10.202.0.0/16", "size": 24 }
  ]
}
as I wanted to change the IP range used by the docker networking. However, when I start there is still a bridge created belonging to the IP range I wanted to move away from:
8: br-6c870af107ba: &l ...
I'm trying to set up docker on a company VM on Ubuntu 20.04.
At first I couldn't even start the service because it seems there was a conflict with the pre-existing routes.
If I run the route command I get this:
Destination Gateway Genmask Flags Metric Ref Use Iface
default 0.0.0.0 0.0.0.0 UG 20 0 0 eno3np0.1169
10.0.0.0 0.0.0.0 ...

I have set up a Docker Swarm using 3 servers:
Master node: Home - local IP 192.168.178.250
Worker node 1: Remote - local IP 10.10.10.200
Worker node 2: Remote - local IP 10.10.10.250
Both sites have a Unifi gateway (USG Pro/USG) and I've set up a site-to-site connection between them (auto settings, IPSec VTI).
I was able to add the 2 nodes using join tokens from the master since both worker nodes can access ...
This one has got me confused:
I have a pfSense firewall (let's call it pfs) and behind it several servers.
I NAT several services from my public IP to different servers on the LAN without any issues.
On one of the servers (let's call it s1) I'm running a vagrant (with libvirt) VM (let's call it v1) with a public network configured, which gets IP 192.168.1.159 via pfs's DHCP server.
Now I configure a simpl ...
I am new to docker and have installed docker in rootless mode, which works just fine. The problem is that with this, the guides for a firewall with docker do not work (I have no network interface 'docker0' nor an iptables chain 'DOCKER-USER'), and I could not find a site which explains how to set up a firewall for docker-rootless.
My specific use-case is to control outgoing traffic from the contain ...
I am using Ubuntu 21.10 on a Raspberry Pi 4 (aarch64), and when I try to run a Docker (version 20.10.7) container it returns the following error message:
docker: Error response from daemon: failed to create endpoint goofy_hypatia on network bridge: failed to add the host (veth3da4a58) <=> sandbox (veth987ce17) pair interfaces: operation not supported.
ERRO[0000] error waiting for containe ...
In the process of migrating our docker infrastructure to a docker swarm cluster, we are experiencing performance issues when containerized APIs are calling outside resources (e.g. elasticsearch queries to elastic cloud, or other APIs on MS Azure, etc.)
Our first investigations have shown that 1) queries from the hosts are not affected, only traffic from containers is delayed, and 2) the first qu ...
I have a server A, and it runs a container B (say an SSH server). I want to allow people to do some computation on B that does not access the network.
Using docker run --publish=${MY_PORT}:22 ..., I expose container B's port to allow people to connect into B. This way people can ssh into B using A's ${MY_PORT} port. However, people can initiate TCP connections to other servers (e.g. 8.8.8.8), so t ...
Given:
- I have a containerized service that sends UDP packets to a list of network elements (3rd party syslog sink servers).
- Each target network element is specified by IP address, its port number is constant, the same for each node.
I need to create a simple test environment, like in the graph below. The main service emits syslog messages; on the graph it's named PRODUCER CONTAINER.
TEST CONTAINER
Recently, I have started to migrate a webserver with several apps to a new server, bundling every app in a docker container. My current setup consists of nginx as a reverse proxy and database servers running on the server itself, with all web applications running in their own docker containers.
I am now trying to secure the webserver using iptables, like I was doing for many years before. I need to ...

I'm trying to implement a pretty simple firewall in Fedora, where the public internet can access SSH, HTTP, HTTPS and Cockpit, but nothing else. Meanwhile, the servers run microservices via Docker that can talk to each other on ports 8000-8999.
I set this up on a fresh Fedora Server install with the following commands:
firewall-cmd --zone=public --add-service=cockpit
firewall-cmd --zone=public --add-se ...
I've run out of ideas as to why I can't connect to this nginx inside or outside of the docker. I can understand that networking might cause a problem outside the machine, but even inside the docker nginx is not responding, even though you can see it running and listening (inside the docker). Outside the docker, maybe the port isn't mapping through, but it seems to be configured such that it should.
Is it possible to prevent docker from defining a default route when using a docker-compose yaml file?
If my docker-compose.yaml defines network ipam with the default driver and any subnet, it seems like docker (or docker compose) automatically assigns a default route to the routing table of the docker that is attached to this network. Is there any way to disable it?

My goal was that the Jenkins container would "talk" with the Ansible container in order to create a Jenkins file for a Jenkins pipeline.
I expected that those two containers would "join" a bridge network and get 2 IP addresses from the same network id, but instead two additional networks were created, and each container got an IP from a different network id.
Also, expected that those two container will have acces ...
I need to run a docker container in a pre-existing namespace, which wasn't created by the docker infrastructure. Is it possible to do? I am aware of the option of reusing another container's namespace, but as I mentioned, the pre-existing ns wasn't created by one (so the answer to that question is irrelevant). I need a solution for Linux.

We want to know what algorithm the Docker mesh uses to route requests to containers. Here's why:
We deploy our applications to self-hosted docker swarms. We use the docker routing mesh to direct traffic to the individual nodes, like this:
- internet ->
- firewall ->
- load director (nginx) ->
- nginx "least connection" routing to three swarm managers ->
- docker mesh ->
- Any of the six app con ...
I administer a small cluster which has several different services running, including grafana monitoring as a container, cloud file storage as a container (nextcloud), and a FreeIPA server on bare metal. I want to put the cloud storage service behind a reverse proxy (https://hub.docker.com/r/jwilder/nginx-proxy) to enable https, but I can't use port 80 for this, because it's already being used by the IP ...
I have an EC2 instance registered to an ECS cluster on which tasks can run. Originally I chose the awsvpc network mode, so every task (container) had its own ENI (IP). But I ran into a limitation at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
The ENI limit is 3 for the m5.large instance type.
So I changed the network mode to bridge. Will using the bridge network limit the tasks to 10 be ...
Situation: Several VPS servers around the US connected to my laptop via a wireguard mesh network. For the wireguard mesh network I'm using a tool called innernet (https://github.com/tonarino/innernet).
So basically it's like my laptop and VPS servers are on the same internal network.
VPS ip = 10.32.89.1
laptop ip = 10.32.90.1
Looks like the VPS and laptop have this virtual interface defined (not sure if this matters): ...
I've set up a docker host, and wanted to set up nextcloud with collabora-office. But it simply does not find the collabora host. My compose file is the following:
version: '3.2'
services:
  db:
    image: mariadb:10.5
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_DATABASE=xxx-nextcloud
      - MYSQL_USER=xxxnc
      - MYSQL_PASSWORD=evilcorp
      - MARIAD ...