Recently I found this way to give Docker a "personal" IP:
ip addr del 10.1.1.133/24 dev eth0
ip link add link eth0 dev eth0m type macvlan mode bridge
ip link set eth0m up
ip addr add 10.1.1.133/24 dev eth0m
route add default gw 10.1.1.1
On the container I did:
CID=$(docker run -d ...)
pipework eth0 $CID 10.1.1.133/24@10.1.1.1
This works fine if the host and the Docker containers are all on the same subnet (10.1.1.0/24 in this case).
But what if I want to use a different subnet for the Docker containers?
For example 10.2.2.0/24?
I have tried an iptables masquerade, but nothing works; the Docker container cannot ping or reach the external network (internet).
iptables -t nat -A POSTROUTING -m iprange --src-range 10.2.2.2-10.2.2.255 -o eth0 -j MASQUERADE
Of course IP forwarding is enabled.
---------- Post updated 29-06-15 at 05:40 PM ---------- Previous update was 28-06-15 at 10:02 PM ----------
Solution found.
The host must be set up as a router: enable iptables NAT and enable a route to the new IP class. In this case eth0m is the bridged network.
iptables -A FORWARD -i eth0m -o eth0m -j ACCEPT
iptables -A FORWARD -i eth0m -o eth0m -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0m -j MASQUERADE
pipework must use the new router, which in this case is 192.168.0.254
pipework eth0 $DOCKID 10.8.3.1/24@192.168.0.254
and finally the route must be added; in this case 10.8.3.0 is the other IP class
route add -net 10.8.3.0 netmask 255.255.255.0 dev eth0m
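
The host-side router setup from the solution above, as an added example that is not part of the original post: it validates the inputs and prints the commands for review before anything is run. The function names are hypothetical, and restricting the FORWARD and MASQUERADE rules to the container subnet (10.8.3.0/24 on eth0m, both taken from the post) is an assumption of this example rather than what the post did.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the host-side router
# commands for a container subnet behind a macvlan interface (eth0m in the post).
# Assumption: rules are scoped to the container subnet instead of matching
# all traffic that crosses the interface.

# valid_cidr A.B.C.D/N: succeed only for a well-formed IPv4 CIDR.
valid_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # no "/" present
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac  # 1-2 digits only
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac        # digits and dots only
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs    # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# router_rules SUBNET IFACE: print one command per line (dry run).
router_rules() {
    subnet=$1; ifc=$2
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    case $ifc in ''|*[!A-Za-z0-9_.-]*)
        echo "bad interface: $ifc" >&2; return 1 ;;
    esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $subnet dev $ifc
iptables -A FORWARD -i $ifc -o $ifc -s $subnet -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ifc -o $ifc -d $subnet -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $ifc -s $subnet -j MASQUERADE
EOF
}

# apply_rules SUBNET IFACE: run the commands as root, stop at the first failure.
apply_rules() {
    cmds=$(router_rules "$@") || return 1
    printf '%s\n' "$cmds" | sh -e
}

# Dry run with the subnet and interface used in the post.
router_rules 10.8.3.0/24 eth0m
```

Running apply_rules twice appends duplicate iptables rules, so check the existing rule set with iptables -S before re-applying.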