Docker on CentOS with bridge to LAN network

I have a server VLAN of and my Docker host is How do I configure a bridge network on my Docker host (VM) so that all the containers can connect directly to my LAN network without having to redirect ports around on the default I tried searching but all the howtos I’ve found so far have resulted in losing SSH session which I had to go into the VM from a console to revert the steps I did.

One solution collected from the web for “Docker on CentOS with bridge to LAN network”

    There are multiple ways this can be done. The two I’ve had most success with are routing a subnet to a docker bridge and using a custom bridge on the host LAN.

    Docker Bridge, Routed Network

    This has the benefit of only needing native docker tools to configure docker. It has the downside of needing to add a route to your network, which is outside of Docker’s remit and usually manual (or relies on the “networking guy”).

    Routed network

    1. Enable IP forwarding

      /etc/sysctl.conf: net.ipv4.ip_forward = 1
      sysctl -p /etc/sysctl.conf

      Create a docker bridge with new subnet on your VM network, say

      docker network create routed0 --subnet
    2. Tell the rest of the network that should be routed via 10.101.10.X where X is IP of your docker host. This is the external router/gateway/“network guy” config. On a Linux gateway you could add a route with:

      ip route add via
    3. Create containers on the bridge with addresses.

      docker run --net routed0 busybox ping
      docker run --net routed0 busybox ping

    Then you’re done. Containers have routable IP addresses.
    If you’re ok with the network side, or run something like RIP/OSPF that takes care of routing then this is the cleanest solution.

    Custom Bridge, Existing Network (and interface)

    This has the benefit of not requiring any external network setup. The downside is the setup on the docker host is more complex. The main interface requires this bridge at boot time so it’s not a native docker network setup. Pipework or manual container setup is required.

    Shared bridge

    Using a VM can make this a little more complicated as you are running extra interfaces with extra MAC addresses over the main VM’s interface which will need additional “Promiscuous” config first to allow this to work.

    The permanent network config for bridged interfaces varies by distro. The following commands outline how to set the interface up and will disappear after reboot. You are going to need console access or a separate route into your VM as you are changing the main network interface config.

    1. Create a bridge on the host.

      ip link add name shared0 type bridge
      ip link set shared0 up

      In /etc/sysconfig/network-scripts/ifcfg-br0

    2. Attach the primary interface to the bridge, usually eth0

      ip link set eth0 up
      ip link set eth0 master shared0

      In /etc/sysconfig/network-scripts/ifcfg-eth0

    3. Reconfigure your bridge to have eth0’s IP config.

      ip addr add dev shared0
      ip route add default via
    4. Attach containers to bridge with addresses.

      CONTAINERID=$(docker run -d --net=none busybox sleep 600)
      pipework shared0 $CONTAINERID

      Or use a DHCP client inside the container

      pipework shared0 $CONTAINERID dhclient
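
Steps 1 to 3 of the shared-bridge setup above, as an added example that is not part of the original answer: a shell planner that reads the interface's current address and default gateway from `ip` output and prints the commands in order, so they can be saved to one script and run from the console rather than typed one at a time over SSH. The sample `ip` output and the 192.0.2.x addresses are constructed, and the `ip addr del` and `ip route replace` lines are additions that the answer's sequence does not contain.

```shell
#!/bin/sh
# Added example: plan moving an interface's IPv4 config onto a bridge.
# Constructed sample output of `ip -4 -o addr show dev eth0` and
# `ip -4 route show default` (documentation addresses, not from the page).
SAMPLE_ADDR='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever'
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto static metric 100'

# Print the first IPv4 address/prefix found in `ip -4 -o addr show` output.
parse_cidr() {
    printf '%s\n' "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "inet") {print $(i+1); exit}}'
}

# Print the gateway from `ip -4 route show default` output.
parse_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" {print $3; exit}'
}

# plan_bridge IFACE BRIDGE ADDR_OUTPUT ROUTE_OUTPUT
# Prints the commands only; nothing is executed here. Refuses to plan when
# the address or gateway cannot be read, since applying a partial plan to
# the main interface is what cuts off remote access.
plan_bridge() {
    iface=$1
    bridge=$2
    cidr=$(parse_cidr "$3")
    gw=$(parse_gateway "$4")
    if [ -z "$cidr" ] || [ -z "$gw" ]; then
        echo "refusing to plan: could not read address or default gateway" >&2
        return 1
    fi
    # Assumption: the address is removed from the enslaved interface and the
    # default route is replaced rather than added (not in the answer's steps).
    cat <<EOF
ip link add name $bridge type bridge
ip link set $bridge up
ip link set $iface up
ip link set $iface master $bridge
ip addr del $cidr dev $iface
ip addr add $cidr dev $bridge
ip route replace default via $gw dev $bridge
EOF
}

# Show the plan for the constructed sample input.
plan_bridge eth0 shared0 "$SAMPLE_ADDR" "$SAMPLE_ROUTE"
```

On a real host, pass the live output of the two `ip` commands instead of the samples and review the printed plan before running it as a single script.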