Docker network
From Do you speak Drupalish? Featured Drupal wiki-like documentation
Resources
- https://docs.docker.com/engine/reference/run/#network-settings
- https://docs.docker.com/engine/userguide/networking/default_network/binding/ (port forwarding)
- By default Docker containers can make connections to the outside world, but the outside world cannot connect to containers.
- This relies on a masquerading rule that the Docker server creates on the host machine when it starts; check it with: $ sudo iptables -t nat -L -n
- https://docs.docker.com/engine/userguide/networking/default_network/container-communication/#communicating-to-the-outside-world
Easiest Network: host
- With the network set to host a container will share the host’s network stack and all interfaces from the host will be available to the container. The container’s hostname will match the hostname on the host system. Note that --add-host --hostname --dns --dns-search --dns-opt and --mac-address are invalid in host netmode.
- Compared to the default bridge mode, the host mode gives significantly better networking performance since it uses the host’s native networking stack whereas the bridge has to go through one level of virtualization through the docker daemon. It is recommended to run containers in this mode when their networking performance is critical, for example, a production Load Balancer or a High Performance Web Server.
- Note: --net="host" gives the container full access to local system services such as D-bus and is therefore considered insecure., is acceptable to me via
bridge
- rules: firewall-cmd --add-forward-port=port=8081:proto=tcp:toport=80:toaddr=172.18.0.2 --permanent
First, you can supply -P or --publish-all=true|false to docker run which is a blanket operation that identifies every port with an EXPOSE line in the image’s Dockerfile or --expose <port> commandline flag and maps it to a host port somewhere within an ephemeral port range. https://docs.docker.com/engine/userguide/networking/default_network/binding/
- Take care when using with kvm bridge
Mapping from external network
ipv4 Forwarding
info
- https://youtu.be/NvtxLzXpAcM?t=210
- docker run -t -i --name webinside --expose=80 -P rhel6d /bin/bash
- expose only internal machine
- docker run -t -i --name webexternal -p 80:80 rhel6e /bin/bash
- even after docker stop webexternal, docker start webexternal keeps the ports
- on the host machine: systemctl disable httpd
- check the new rules with sudo iptables -v -t nat -L -n
- Best solution for container migration: always get typical internal Docker IPs, Gateway: "172.17.0.1"
multipleports
- docker run -i -t --name multipleports -p eth0ip:81:80 -p eth1ip:81:80 centos:6 /bin/bash
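The publishing choices above (host networking, -P, -p 80:80, and -p bound to one interface address) differ in what they expose, and that is visible in docker inspect output. The following audit is an added example, not part of the original wiki notes; the JSON is a constructed sample trimmed to the fields used, the interface addresses are documentation placeholders, and the container name lb is hypothetical.

```python
import json

# Constructed sample in the shape of `docker inspect` output (trimmed to the
# fields used here). Names follow the commands on this page, except the
# hypothetical "lb"; the IP addresses are documentation placeholders.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/webinside",
  "HostConfig": {"NetworkMode": "default", "PublishAllPorts": true},
  "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32768"}]}}},
 {"Name": "/webexternal",
  "HostConfig": {"NetworkMode": "default", "PublishAllPorts": false},
  "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}]}}},
 {"Name": "/multipleports",
  "HostConfig": {"NetworkMode": "default", "PublishAllPorts": false},
  "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "192.0.2.10", "HostPort": "81"},
                                           {"HostIp": "198.51.100.10", "HostPort": "81"}]}}},
 {"Name": "/lb",
  "HostConfig": {"NetworkMode": "host", "PublishAllPorts": false},
  "NetworkSettings": {"Ports": {}}}
]
""")

WILDCARD = {"", "0.0.0.0", "::"}  # host addresses that mean "every interface"

def audit(containers):
    """Return (container, finding) tuples for broad network exposure."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        host_cfg = c.get("HostConfig", {})
        if host_cfg.get("NetworkMode") == "host":
            findings.append((name, "host network: shares the host's network stack"))
            continue  # port mappings do not apply in host mode
        if host_cfg.get("PublishAllPorts"):
            findings.append((name, "-P: every EXPOSEd port is published"))
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for port, bindings in sorted(ports.items()):
            for b in bindings or []:  # None means exposed but not published
                if b.get("HostIp", "") in WILDCARD:
                    findings.append((name, f"{port} -> host port {b['HostPort']} on all interfaces"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

On a real host, feed it json.loads() of the output of docker inspect $(docker ps -q).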
Direct assign public ip
- with host
Performance
Semantic list
Info
Tips
- Always set up a fixed IP on the network; otherwise re-running the container could mess up the Apache settings
Manual change
- docker start/stop after manual network setup gives:
- Bringing up interface eth0: Device eth0 has different MAC address than expected, ignoring.
- Shutting down interface eth0: Device eth0 has MAC address 02:42:AC:11:00:02, instead of configured address 52:54:00:D0:FB:FA. Ignoring.
- also change the MAC address