Connect docker containers directly to host subnet

Question

I'm facing some problems trying to directly connect docker containers to the network of the host.

The configuration is as follows One host has one interface (eth0) in the subnet, say, 10.0.15.0/24. The IP on eth0 is 10.0.15.5/24. I customized the docker0 bridge to use a subnet within the subnet available from eth0, namely 10.0.15.64/26. So docker can use IPs from this /26 to give to containers, and I want the containers to be directly accessible from the rest of the network. The docker bridge also has an IP set, namely 10.0.15.65/26.

When a containers is created, it gets an IP, say 10.0.15.66/26. Now, I did some test with pinging:

• anything on the network can ping 10.0.15.5 (eth0 of host)
• anything on the network can ping 10.0.15.65 (docker0 bridge of host)
• host can ping 10.0.15.66 (ip of container)
• container can ping anything on the network
• anything other than the host can not ping the container at 10.0.15.66

IP forwarding is turned on

[root@HOSTNAME~]# cat /proc/sys/net/ipv4/ip_forward
1

What am I missing here? The containers connected to the docker0 bridge should be reachable from the network I think.

Expected behaviour Containers should be pingable from anywhere on the network, just like the docker0 bridge etc.

Any thoughts or help would be greatly appreciated!

Answer 1

Finally figured out why it wasn't working for us. The machine I was running the docker container in, was a VM on a hypervisor. The hypervisor only accepts one MAC address from the NIC attached to the VM. In other words, the NIC in the VM was not set to promiscuous mode.

What I did to work around this issue was just use a bare metal machine. Another solution would be to manually set the NIC to promiscuous mode, so it accepts all packets, instead of just the packets for it's own MAC.