My host has 2 IP addresses. One main (management) IP and one that is used for services and whitelisted. The service IP has no gateway but goes through the gateway of the management IP.

My netplan looks like this:

```yaml
network:
    version: 2
    ethernets:
        enp7s0:
            addresses:
            - 93.XX.XX.44/24
            - 93.XX.XX.33/27
            match:
                macaddress: 00:02:c9:4f:b2:4c
            mtu: 1500
            nameservers:
                addresses:
                - 1.1.1.1
                - 1.0.0.1
            routes:
                - on-link: true
                  to: 0.0.0.0/0
                  via: 93.XX.XX.1
                  from: 93.XX.XX.33
                  metric: 100
            set-name: enp7s0
```

So far the host networking works totally fine. `ip route` shows the following:

```
default via 93.XX.XX.1 dev enp7s0 proto static src 93.XX.XX.33 metric 100 onlink
```

So the correct .33 IP is used for network requests. And there is no route with the management IP (which is what I want).

Now, within Docker, if I do `curl https://icanhazip.com/`, I see the management IP (.44).

I read a little bit about Docker networking but can't seem to find any way to specifically set routing for Docker Bridge networks. Is there a way to globally (or at least per network) enable routing through a specific IP?

Ybrin
  • it might be related to .44 being the first IP in the list and the behavior of iptables' MASQUERADE target (chooses the 1st IP). – A.B Jul 11 '22 at 15:28
  • also I'm not sure about your statement "And there is no route with the management IP". .44 is certainly reachable or can reach using the default route. `src 93.XX.XX.33` is a hint which can be overridden for various reasons, as Docker shows. Actually I'm not even sure what you're trying to achieve. Obviously some security with the management IP address, but can this be more precise? – A.B Jul 11 '22 at 15:34
  • @A.B You are right, the IP is reachable but there is no reason for any program to not follow the hint. – Ybrin Jul 11 '22 at 23:21
  • @A.B It was indeed MASQUERADE related. I solved it already and will post an answer soon. – Ybrin Jul 11 '22 at 23:22
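
The comments trace the behaviour to the MASQUERADE target picking the interface's first address. The following is an added example, not the asker's posted solution: it scans an `iptables-save` dump for Docker-style bridge MASQUERADE rules and prints an equivalent SNAT rule pinned to a chosen source address. The sample dump, the bridge names, the function name `snat_rules_for` and the address `203.0.113.33` (standing in for the masked service IP) are constructed assumptions.

```shell
# Added example: list Docker-style MASQUERADE rules in an iptables-save dump and
# print an SNAT rule pinned to a chosen source address for each one.

# Constructed sample of `iptables-save -t nat` output (not from the original post).
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o br-3f2a1c9d0e11 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT'

# snat_rules_for SRC_IP: reads an iptables-save nat dump on stdin and prints one
# "iptables -t nat -I POSTROUTING ..." command per bridge MASQUERADE rule.
snat_rules_for() {
    src_ip=$1
    awk -v ip="$src_ip" '
        $1 == "-A" && $2 == "POSTROUTING" && $NF == "MASQUERADE" {
            subnet = ""; bridge = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") subnet = $(i + 1)
                if ($i == "!" && $(i + 1) == "-o") bridge = $(i + 2)
            }
            # Skip hairpin rules (no "! -o <bridge>"): they never leave the host.
            if (subnet != "" && bridge != "")
                printf "iptables -t nat -I POSTROUTING -s %s ! -o %s -j SNAT --to-source %s\n", subnet, bridge, ip
        }'
}

# Example run with a documentation address standing in for the service IP.
printf '%s\n' "$SAMPLE_NAT" | snat_rules_for 203.0.113.33
```

Rule order matters: the first matching rule in POSTROUTING wins, so check with `iptables -t nat -S POSTROUTING` that the SNAT rules still precede the MASQUERADE ones after Docker restarts.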

0 Answers