Bind physical NICs to containers for docker

virtual-machine docker
11,838

Solution 1

When you expose ports on Docker using the -P or -p options it is just creating an iptables Destination NAT or DNAT entry. You can even look at those entries by running the command below.

iptables -t nat -nL
...    
Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0      tcp dpt:8001 to:172.17.0.19:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0      tcp dpt:8002 to:172.17.0.20:80

By default docker will use the 0.0.0.0/0 (i.e. all interfaces) specification to forward ports too and from docker container hosts. However you could replace those rules to forward only from selected interfaces.

So Say I have two web-servers both wanting to listen on port 80. I would run them as follows. Note that I am not exposing any ports. This so that only our created IP Tables rule allows access to these nodes.

docker run --name web1 -t something/web-server
docker run --name web2 -t something/web-server

Run docker inspect to get the Virtual IP of the container

docker inspect web1 | grep IPAddress
IPAddress": "172.17.0.19",
docker inspect web2 | grep IPAddress
IPAddress": "172.17.0.20",

Now add in DNAT rules for the specific interfaces:

iptables -t nat -A DOCKER -p tcp -d [INTERFACE_1_IP] --dport 80 -j DNAT --to-destination 172.17.0.19:80
iptables -t nat -A DOCKER -p tcp -d [INTERFACE_2_IP] --dport 80 -j DNAT --to-destination 172.17.0.20:80

Solution 2

Update 2018-05

After doing some research (which is not very easy if you don't know the right keywords) on this topic I believe there are updated ways to do this depending on whether you are trying to bind Linux or Windows containers to physical NIC ports (solutions not tested):

Linux: Use a macvlan network configuration. See this docker doc

Windows: Use an External Virtual Switch for each docker container. See this Microsoft doc

EDIT: There is an even easier way to do this on Windows that automatically sets up the External Virtual Switch as noted in this Microsoft doc. I have tested this method and it works great. This uses a transparent docker network type.

Hopefully this helps future googlers

Share:
11,838
Admin
Author by

Admin

Updated on July 23, 2022

Comments

  • Admin
    Admin almost 2 years

    I have 4 NICs installed in my host PC. I want to launch different docker's containers with binding different physical NICs to each container. How can I do for docker? For VirtualBox, this can be done with creating bridge adapter for each VM of the physical NICs.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Disk size of a docker image
How do i know my CPU supports Docker?
Unable to start: The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop
What are the typical uses cases for LXC versus VM?
Getting "Protocol Error" when trying to create a symlink in Docker
Enable Virtualization for Windows 10 Pro running inside VirtualBox
apk tool gives permission denied
How to install docker from apt on Ubuntu?
What are the benefits of running a docker container inside a VM vs running docker containers on bare metal?
What do the processes inside a Docker container look like?