HowTo:Docker 172 Fix: Difference between revisions
m Protected "HowTo:Docker 172 Fix" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)) |
|||
| Line 17: | Line 17: | ||
sudo service docker restart | sudo service docker restart | ||
== | == Docker exposed ports Fix == | ||
Background | |||
Docker ignores most firewall rules and opens ports directly to the external network interface. | |||
The Fix | |||
Instead of globally defining the port (which also opens it externally), bind the port to the localhost only using the following: | |||
Revision as of 10:31, 11 December 2025
Background
VT uses a chunk of the 172 private network address space for it's internal private addressing. Docker comes pre-configured to also uses 172.17.0.0/12 which will cause the internal system to ignore any external 172.17.x.x/12 address trying to access the system. To fix this you need to reconfigure your docker to use a different address space like 192.168.x.x/16 or a 10.1.x.x/16 (tech also uses 10.6+.x.x for their networking so this is less safe although 10.5 and lower are guaranteed to be free).
The Fix
To apply the docker fix on the machine running docker, create a file called /etc/docker/daemon.json with the following:
{
"default-address-pools":
[
{"base":"10.1.0.0/16","size":24}
]
}
Followed by:
sudo service docker restart
Docker exposed ports Fix
Background
Docker ignores most firewall rules and opens ports directly to the external network interface.
The Fix
Instead of globally defining the port (which also opens it externally), bind the port to the localhost only using the following: