I'm using Digital Ocean. The interface "eth1" is private and "eth0" is public. How do I make the bridge created by Docker, docker0, use only the private interface eth1?
The bridge created by Docker isn't attached to any physical interface. External access is mediated by layer 3 forwarding and NAT rules in your iptables nat table.
This means that you can control which interface is used by Docker containers by manipulating your routing table and/or firewall rules. For example, to prevent your containers from forwarding traffic out eth0:
iptables -A FORWARD -i docker0 -o eth0 -j DROP
This would drop any traffic from containers that would go out eth0.
Of course, if (a) your container is trying to access an external host and (b) the only route to that host is via your default gateway, which is probably out eth0, then your container is now out of luck.
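A rule-order check, as an added example that is not part of the original answer: on a host where Docker manages iptables, Docker's own FORWARD rules normally sit ahead of anything appended with -A, so whether the DROP is ever reached depends on its position. The rule listings are constructed samples, and first_verdict, sample_forward and sample_docker_user are hypothetical helper names; DOCKER-USER is the chain Docker reserves for user rules.

```sh
#!/bin/sh
# Added example: first_verdict IN_IF OUT_IF < rules
# Prints the first unconditional ACCEPT/DROP/REJECT in an `iptables -S` listing
# for a packet with those interfaces. Assumptions: only -i/-o matches are
# understood (no "+" wildcards); other matches and chain jumps are skipped.
first_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
    $1 == "-A" {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            neg = 0
            if ($i == "!") { neg = 1; i++ }
            if ($i == "-i" || $i == "-o") {
                want = ($i == "-i") ? in_if : out_if
                i++
                hit = ($i == want)
                if (neg) hit = !hit
                if (!hit) ok = 0
            } else if ($i == "-j") {
                target = $(i + 1); break   # the rest are target options
            } else { ok = 0 }              # other match: not unconditional
        }
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
    }
    END { if (!found) print "NONE" }'
}

# Constructed sample: FORWARD as Docker commonly lays it out, plus the appended DROP.
sample_forward() { cat <<'EOF'
-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o eth0 -j DROP
EOF
}

# Constructed sample: the same DROP placed in DOCKER-USER, which FORWARD jumps to first.
sample_docker_user() { cat <<'EOF'
-A DOCKER-USER -i docker0 -o eth0 -j DROP
-A DOCKER-USER -j RETURN
EOF
}

echo "FORWARD,     docker0 -> eth0: $(sample_forward | first_verdict docker0 eth0)"
echo "DOCKER-USER, docker0 -> eth0: $(sample_docker_user | first_verdict docker0 eth0)"
```

On a live host, pipe `iptables -S FORWARD` or `iptables -S DOCKER-USER` into first_verdict instead of the samples.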