Hi,
My server has multiple network interfaces.
- bond0.3 <- default route via 192.168.3.1
- bond0.7 <- lower priority interface via 192.168.7.1
In this case I want my containers to be using bond0.7.
I add a separate routing table and prepare a default route:
echo "7 CONTAINERS" >> /etc/iproute2/rt_tables
sudo ip route add default via 192.168.7.1 table CONTAINERS
sudo ip route add 192.168.7.1 dev bond0.7 table CONTAINERS
sudo ip rule add from 10.89.0.0/24 lookup CONTAINERS
For this I am using rootful containers, though I plan to adapt these to
be rootless when I get them working.
sudo podman network create -d bridge net1
sudo podman run -dt --name test --network net1 --cap-add NET_RAW --rm busybox
sudo podman exec -it test ash
/ # wget -q -O - ifconfig.me
Nothing.........
/ # ip route get 1.1.1.1
1.1.1.1 via 10.89.0.1 dev eth0 src 10.89.0.2
/ # ip route
default via 10.89.0.1 dev eth0
10.89.0.0/24 dev eth0 scope link src 10.89.0.2
/ # traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 46 byte packets
1 128bedbab28b (10.89.0.2) 3034.227 ms !H 3039.811 ms !H 3039.875 ms !H
Now if I delete the rule:
sudo ip rule del from 10.89.0.0/24 lookup CONTAINERS
and do something like a traceroute (which takes the default route out):
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 46 byte packets
1 host.containers.internal (10.89.0.1) 0.006 ms 0.005 ms 0.004 ms
2 192.168.3.1 (192.168.3.1) 0.562 ms 0.815 ms 0.766 ms
...
then add the rule:
sudo ip rule add from 10.89.0.0/24 lookup CONTAINERS
/ # traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 46 byte packets
1 host.containers.internal (10.89.0.1) 0.008 ms 0.005 ms 0.004 ms
2 192.168.7.1 (192.168.7.1) 0.533 ms 0.558 ms 0.440 ms
it works.
The issue is that I want to add the routing rules when my machine boots up.
I was able to reproduce the same problem with Docker.
--
Daniel Gray 0x41911F722B0F9AE3
https://mastodon.social/@dngray
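A boot-time version of the routing setup from the post, as an added example that is not part of the original message or of podman. It keeps the names the post uses (table 7/CONTAINERS, 10.89.0.0/24, bond0.7 via 192.168.7.1). Everything else is my assumption: the bridge name podman1 (mentioned only in comments), the "apply" argument, the preference numbers, and the extra `from 10.89.0.0/24 to 10.89.0.0/24 lookup main` rule. That rule is there because, with only `from 10.89.0.0/24 lookup CONTAINERS`, a lookup whose source and destination are both inside the container subnet (the host answering from 10.89.0.1, or the reverse-path check on packets a container sends to 10.89.0.1) also hits the CONTAINERS default route and resolves to bond0.7 rather than the bridge.

```shell
#!/bin/sh
# Boot-time policy routing for a rootful podman bridge network.
# Added example, not the poster's script. Assumed (not in the original post):
# the bridge podman creates for "net1" is called podman1, and a systemd oneshot
# runs this file with the single argument "apply".
set -eu

IP="${IP:-ip}"                       # set IP=echo to print the commands instead of running them
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

CT_TABLE_ID=7                        # commands use the numeric id, so they work even before rt_tables is edited
CT_TABLE_NAME=CONTAINERS
CT_SUBNET=10.89.0.0/24               # subnet of the podman network in the post
UPLINK_DEV=bond0.7
UPLINK_GW=192.168.7.1
PREF_LOCAL=100                       # bridge-local traffic keeps using the main table (assumed pref)
PREF_UPLINK=200                      # everything else from the containers uses CONTAINERS (assumed pref)

# Register the table name once. "echo ... >> rt_tables" as in the post appends a
# duplicate line every time it runs.
ensure_table_name() {
    grep -qsE "^$CT_TABLE_ID[[:space:]]+$CT_TABLE_NAME\$" "$RT_TABLES" ||
        printf '%s\t%s\n' "$CT_TABLE_ID" "$CT_TABLE_NAME" >> "$RT_TABLES"
}

# Routes in the CONTAINERS table. "replace" is idempotent, so re-running at boot or
# after a network restart is safe. Nothing here references the bridge device:
# netavark creates podman1 only while a container is attached to net1, so a
# "dev podman1" route cannot be installed at boot; the rules below keep
# bridge-local traffic out of this table instead.
install_routes() {
    $IP -4 route replace "$UPLINK_GW" dev "$UPLINK_DEV" table "$CT_TABLE_ID"
    $IP -4 route replace default via "$UPLINK_GW" dev "$UPLINK_DEV" table "$CT_TABLE_ID"
}

# Rules, lowest preference number first. The "to $CT_SUBNET" rule must win, so that
# lookups with both addresses inside the container subnet (host replies sent from
# 10.89.0.1, the reverse-path check on packets sent to 10.89.0.1) use the bridge's
# connected route in main rather than the default route in CONTAINERS.
install_rules() {
    # delete first so the script is idempotent; "ip rule add" refuses exact duplicates
    $IP -4 rule del pref "$PREF_LOCAL" 2>/dev/null || true
    $IP -4 rule del pref "$PREF_UPLINK" 2>/dev/null || true
    $IP -4 rule add pref "$PREF_LOCAL" from "$CT_SUBNET" to "$CT_SUBNET" lookup main
    $IP -4 rule add pref "$PREF_UPLINK" from "$CT_SUBNET" lookup "$CT_TABLE_ID"
}

setup_container_routing() {
    ensure_table_name
    install_routes
    install_rules
}

# Usage: sh container-routing.sh apply   (e.g. ExecStart of a oneshot unit
# ordered After=network-online.target). Preview with: IP=echo sh container-routing.sh apply
if [ "${1:-}" = "apply" ]; then
    setup_container_routing
fi
```

Two caveats. Any other destination a container reaches through the host, such as the host's own 192.168.3.x address or another LAN subnet, still falls through to the CONTAINERS default route and is sent to 192.168.7.1; add further `from 10.89.0.0/24 to <prefix> lookup main` rules for those as needed. And none of this carries over to rootless containers: there the 10.89.0.0/24 addresses exist only inside the user namespace, and outbound traffic leaves the host as ordinary sockets of the user's pasta/slirp4netns process, so a source-based rule on the host never matches it.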