Originating traffic from container from a specific IP address

Hi,

I’ve just upgraded from 24.04 to 24.10, and am struggling to get things back to the way they were in terms of networking with my custom apps.

Before, I had some containers bound to specific IP addresses on the local network such that outbound connections from those containers would come from a specific IP address on the TrueNAS box. However, I’m struggling to do this now that we’ve moved away from k8s.

To be clear, I can bind ports to a specific IP address such that the box will listen for connections on the correct IP address. It’s traffic originating from the containers that I need to come from specific IP addresses. At the moment it all comes from the first IP address on the TrueNAS’s interface.

I’ve tried setting com.docker.network.bridge.host_binding_ipv4 on the Docker network in the custom app YAML but it doesn’t seem to make any difference in this sense. All the other solutions I can find online involve custom iptables rules which I’d obviously like to avoid.

Is there another way of reproducing the behaviour I was able to get with 24.04?

Many thanks!

Use the com.docker.network.host_ipv4 option on the bridge network. It will add the correct iptables SNAT rule.

Here is the setup I used to verify that it works. Tested on TrueNAS Scale 24.10.0.2.

# Add secondary IP address
$ sudo ip addr add 192.168.0.201/24 dev eno4

# Create bridge network "testnet"
$ sudo docker network create --driver=bridge --subnet=10.7.8.0/24 --gateway=10.7.8.1 --opt=com.docker.network.host_ipv4=192.168.0.201 testnet

# Verify that docker created the correct SNAT rule
$ sudo iptables-save | grep -i SNAT
-A POSTROUTING -s 10.7.8.0/24 ! -o br-3ffdb8cd1871 -j SNAT --to-source 192.168.0.201

# Launch test container
$ sudo docker run --rm --network=testnet docker.io/alpine/curl http://192.168.0.198:8000

# Test result: destination machine correctly sees 192.168.0.201 as the source IP
2 Likes
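
A check for the SNAT rule verified in the answer above, as an added example that is not part of the original posts: it reads `iptables-save -t nat` output on stdin and reports which source address a bridge subnet leaves the host with. The function names and the sample rule set are constructed for illustration; only the SNAT line is taken from the answer.

```shell
#!/bin/sh
# Added example: confirm which source address a Docker bridge subnet egresses with.
# Input is `iptables-save -t nat` output on stdin.

# egress_source SUBNET
# Prints the --to-source address if SUBNET has a SNAT rule in POSTROUTING,
# "MASQUERADE" if it is masqueraded (Docker's default), or "none" if no rule matches.
egress_source() {
    awk -v subnet="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s")          src    = $(i + 1)
                if ($i == "-j")          target = $(i + 1)
                if ($i == "--to-source") to     = $(i + 1)
            }
            if (src != subnet) next
            if (target == "SNAT")       { print to;           found = 1; exit }
            if (target == "MASQUERADE") { print "MASQUERADE"; found = 1; exit }
        }
        END { if (!found) print "none" }
    '
}

# check_egress SUBNET EXPECTED_IP
# Exit status 0 only when SUBNET is source-NATed to EXPECTED_IP.
check_egress() {
    actual=$(egress_source "$1")
    [ "$actual" = "$2" ]
}

# Constructed sample rule set: a default bridge that is masqueraded, plus the
# SNAT rule quoted in the answer for the "testnet" bridge.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 10.7.8.0/24 ! -o br-3ffdb8cd1871 -j SNAT --to-source 192.168.0.201
COMMIT'
```

On the host, run `sudo iptables-save -t nat | check_egress 10.7.8.0/24 192.168.0.201`; a non-zero exit status means the subnet is masqueraded, is SNATed to a different address, or has no NAT rule.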

Amazing, thank you! That works like a charm.

1 Like