How to configure the Docker default bridge to work with an unusual network configuration?
A lot of details about networking and bridge can be found at:
- Ubuntu: https://help.ubuntu.com/community/NetworkConnectionBridge
- Docker: https://docs.docker.com/articles/networking/#building-your-own-bridge.
As I have a VM with Ubuntu 14.04, I'm not sure if that would reproduce the solution. However, I have the same exact situation in my office, where some VPN servers give the same exact default network IP that Docker uses by default on docker0 bridge. The behavior of being able to use Docker from the office and not being able to use docker when VPN'ed was really frustrating.
So, I have used the same strategy described at the link you used http://jpetazzo.github.io/2013/10/16/configure-docker-bridge-network/, but on RHEL 6.5 servers. However, I did try many different options to get it working:
- Used a different IP range
- Used a different mask
- Try manual setup first, then automate the permanent solution.
I have the solution on RHEL 6.5 as follows:
[root@pppdc9prd6dq newww]# cat /etc/sysconfig/network-scripts/ifcfg-bridge0
TYPE=Bridge
DEVICE=bridge0
NETMASK=255.255.252.0
IPADDR=192.168.5.1
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
DELAY=0
Manually add bridge
Here are the steps for you to create a bridge manually:
1. Stop Docker
$ sudo service docker stop
2. Create the bridge
$ sudo ip link add bridge0 type bridge
$ sudo ip addr add 192.168.5.1/20 dev bridge0
$ sudo ip link set bridge0 up
3. Update the Docker daemon to use the bridge
$ sudo vim /etc/docker/daemon.json
{ "bridge": "bridge0" }
4. Restart Docker
$ sudo service docker start
If everything is working fine, just permanently add the fix.
Persistent
1. Same as manual
2. Update the following file
$ sudo vim /etc/network/interfaces
auto bridge0
iface bridge0 inet static
    address 192.168.5.1
    netmask 255.255.252.0
    bridge_ports dummy0
    bridge_stp off
    bridge_fd 0
3. Same as manual
4. Same as manual
And make sure that bridge-utils is installed on the server, otherwise the bridge interface won't come up.
Maybe that would work? Anyway, try anything here and we can discuss and change this solution. I'm sure more people will have problems with this when they start using Docker internally behind a VPN.
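An added example, not part of the original answer: a check that a candidate bridge address overlaps no network the host already routes to, which is the conflict the answer describes between a VPN-assigned range and docker0. The route lines are constructed sample data; tun0, wlan0 and the 192.168.1.0/24 home LAN are assumptions.

```python
import ipaddress

# Constructed `ip -4 route show` lines gathered at the office with the VPN up
# and at home. tun0, wlan0 and the 192.168.1.0/24 home LAN are assumptions.
SAMPLE_ROUTES = """\
default via 10.10.10.1 dev eth0
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.193
172.17.0.0/16 dev tun0 proto static scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""

def parse_routes(text, ignore_devs=("docker0", "bridge0")):
    """Return (network, device) for each non-default route not owned by Docker."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        dev = fields[fields.index("dev") + 1] if "dev" in fields[:-1] else None
        if dev in ignore_devs:
            continue
        try:
            routes.append((ipaddress.ip_network(fields[0], strict=False), dev))
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
    return routes

def describe(bridge_cidr):
    """(network, netmask) that an address/prefix pair actually configures."""
    iface = ipaddress.ip_interface(bridge_cidr)
    return str(iface.network), str(iface.netmask)

def conflicts(bridge_cidr, routes):
    """Routes whose range overlaps the network implied by address/prefix."""
    bridge = ipaddress.ip_interface(bridge_cidr).network
    return [(str(net), dev) for net, dev in routes if bridge.overlaps(net)]

def pick_bridge(candidates, routes):
    """First candidate bridge address/prefix that overlaps no existing route."""
    return next((c for c in candidates if not conflicts(c, routes)), None)

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    candidates = ["172.17.42.1/16", "192.168.5.1/20", "192.168.5.1/22"]
    for cidr in candidates:
        print(cidr, describe(cidr), conflicts(cidr, routes))
    print("use:", pick_bridge(candidates, routes))
```

Note that 192.168.5.1/20 and 192.168.5.1 with netmask 255.255.252.0 (a /22) configure different networks: the /20 spans 192.168.0.0 through 192.168.15.255, which takes in many home LAN ranges, while the /22 spans only 192.168.4.0 through 192.168.7.255.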
Adam Miller
Updated on June 05, 2022
Comments
Adam Miller almost 2 years
Basically, at work I have a dhcp address assigned as:
eth0      Link encap:Ethernet  HWaddr 5c:26:0a:5a:b8:48
          inet addr:10.10.10.193  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: <addr here>/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3591236 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2057576 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3449424352 (3.4 GB)  TX bytes:384131635 (384.1 MB)
          Interrupt:20 Memory:e2e00000-e2e20000
and with this, my host can connect to the internet just fine. But none of my docker machines can connect to the internet at work. Their configuration looks like this:
docker0   Link encap:Ethernet  HWaddr 56:84:7a:fe:97:99
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:117799 errors:0 dropped:0 overruns:0 frame:0
          TX packets:170586 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4858816 (4.8 MB)  TX bytes:122237788 (122.2 MB)
Everything works when I'm at home sitting beneath a traditional 192.168 router switch.
So, I'm thinking, if I somehow get the docker0 interface to sit NATted behind eth0, then everything would work, both at home and at work. But I'm not familiar with configuring Linux interfaces. I found an article that talked about almost the exact same problem, but following those commands to add interface br0 to 10.10.10.200/24 made the following symptoms arise:
- My host no longer can resolve a domain name. Removing the interface br0 made this immediately work again
- The dockerized apps can now ping 4.2.2.1, but not 8.8.8.8 or 8.8.4.4 or resolve a domain name. Adding --dns 4.2.2.1 to DOCKER_OPTS in /etc/default/docker.io does not solve the problem.
- The dockerized apps no longer can ping 4.2.2.1 or 8.8.8.8 or 8.8.4.4 after the br0 interface is removed
I haven't changed iptables; it's using the default docker configuration changes for a basic ubuntu 14.04 host.
How do I best configure the interfaces in order that docker allow the dockerized applications to connect to the internet both at home and work?