Below is the configuration of my Docker containers.
Networks:
nw1: This is a private network; containers in this network cannot access the internet (ping google.com doesn't work).
bridge: This is not a private network; it is the default network of a container, and containers in this network can access the internet (ping google.com works).
Containers:
vm1_nw1: This container is connected to nw1 (private network nw1).
vm2_nw1: This container is connected to nw1 (private network nw1).
ext_world_vm: This container is connected to both networks (nw1, bridge).
With the below configuration I was able to SSH from ext_world_vm to vm1_nw1 and vm2_nw1, i.e. the containers vm1_nw1 and vm2_nw1 can be accessed using the ext_world_vm container:
#!/bin/bash
docker run --privileged --name vm1 -itd ubuntu
docker exec vm1 useradd -c "saiteja" -m saiteja
docker exec vm1 sh -c 'echo "saiteja:saiteja" | chpasswd'
docker exec vm1 apt-get update -y
docker exec vm1 apt-get install net-tools -y
docker exec vm1 apt-get install iproute2 -y
docker exec vm1 apt-get install iputils-ping -y
docker exec vm1 apt-get install curl -y
docker exec vm1 apt-get install iptables -y
docker exec vm1 apt-get install openssh-server -y
docker exec vm1 apt-get install ssh -y
docker exec vm1 service ssh restart
docker commit vm1 vm_with_nw:latest
docker network create -d bridge nw1 --internal
docker run --privileged --name vm1_nw1 -itd --network=nw1 vm_with_nw
docker run --privileged --name vm2_nw1 -itd --network=nw1 vm_with_nw
docker run --privileged --name ext_world_vm -itd vm_with_nw:latest
docker network connect nw1 ext_world_vm
docker exec ext_world_vm service ssh start
docker exec ext_world_vm service ssh restart
docker inspect ext_world_vm
echo -n "enter ext_world_vm_ip:"
read ext_world_vm_ip
docker exec vm1_nw1 iptables -P FORWARD DROP
docker exec vm1_nw1 iptables -A INPUT -m state --state INVALID -j DROP
docker exec vm1_nw1 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
docker exec vm1_nw1 iptables -A INPUT -i lo -j ACCEPT
docker exec vm1_nw1 iptables -A INPUT -s ${ext_world_vm_ip} -j ACCEPT
docker exec vm1_nw1 service ssh start
docker exec vm1_nw1 service ssh restart
docker exec vm1_nw1 iptables -P INPUT DROP
docker exec vm2_nw1 iptables -P FORWARD DROP
docker exec vm2_nw1 iptables -A INPUT -m state --state INVALID -j DROP
docker exec vm2_nw1 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
docker exec vm2_nw1 iptables -A INPUT -i lo -j ACCEPT
docker exec vm2_nw1 iptables -A INPUT -s ${ext_world_vm_ip} -j ACCEPT
docker exec vm2_nw1 service ssh start
docker exec vm2_nw1 service ssh restart
docker exec vm2_nw1 iptables -P INPUT DROP
echo "done"
The following is my problem statement.
Now I want to configure these containers as follows:
1st configuration: The containers vm1_nw1, vm2_nw1 must be able to access the internet via ext_world_vm (i.e. ext_world_vm must act as the gateway for vm1_nw1, vm2_nw1; ping google.com should work from vm1_nw1, vm2_nw1).
The following is what I have tried, but the outcome was not successful:
ext_world_vm:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
vm1_nw1, vm2_nw1:
route add default gw <ext_world_vm ip address> eth0
Please help me configure them such that the containers in the private network (vm1_nw1, vm2_nw1) can access the internet using the container in the bridge network (ext_world_vm, i.e. it should act as the gateway for vm1_nw1, vm2_nw1).
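As an added example (not from the original post), here is a gateway setup in the same docker exec style as the script above. It assumes that inside ext_world_vm eth0 is the internet-facing interface and eth1 is the nw1 interface (the attempt above masquerades on eth1, which under that assumption is the private side), and it adds a DRY_RUN mode so the commands can be reviewed before they touch the containers.

```shell
#!/bin/sh
# Added example, not the poster's script: make ext_world_vm the NAT gateway for
# the --internal network nw1. Assumed (check `docker exec ext_world_vm ip -o addr`):
# in ext_world_vm, eth0 is on the default bridge (internet side) and eth1 on nw1
# (private side), since it started on bridge and joined nw1 afterwards.
# DRY_RUN=1 prints the docker commands instead of executing them.
set -eu

GW=${GW:-ext_world_vm}
WAN_IF=${WAN_IF:-eth0}                 # interface with the route to the internet
LAN_IF=${LAN_IF:-eth1}                 # interface facing vm1_nw1 / vm2_nw1
CLIENTS=${CLIENTS:-"vm1_nw1 vm2_nw1"}

run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "docker exec $*"; else docker exec "$@"; fi
}

# Gateway side: enable forwarding, forward only private -> internet plus conntrack
# replies, and masquerade on the interface where packets leave for the internet.
gateway_rules() {
  run "$GW" sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
  run "$GW" iptables -P FORWARD DROP
  run "$GW" iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
  run "$GW" iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT
  run "$GW" iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# The gateway's address on nw1, read from the daemon instead of typed by hand.
gateway_nw1_ip() {
  docker inspect -f '{{(index .NetworkSettings.Networks "nw1").IPAddress}}' "$GW"
}

# Client side: a container on an --internal network has no default route, so
# add one via the gateway's nw1 address (eth0 is the client's only interface).
client_routes() {
  for c in $CLIENTS; do
    run "$c" ip route replace default via "$1" dev eth0
  done
}
# Ping an address before a name, to separate routing failures from DNS failures.
check_clients() {
  for c in $CLIENTS; do
    run "$c" ping -c 1 -W 2 8.8.8.8
    run "$c" ping -c 1 -W 2 google.com
  done
}
case "${1:-}" in
  apply) gateway_rules; client_routes "$(gateway_nw1_ip)"; check_clients ;;
esac
```

Run it as `sh gateway.sh apply` (or with `DRY_RUN=1` first to review). If the container-side rules look right but the pings still fail, check the host: for `--internal` networks Docker inserts DROP rules into its isolation chain (`iptables -S DOCKER-ISOLATION-STAGE-1` on current versions) for traffic on that bridge with an off-subnet destination, and with br_netfilter loaded those rules also see traffic bridged between two containers on nw1.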