See picture below for architecture.
I know there are a lot of similar questions. However, having read multiple posts and trying some out I am still unable to set up as required. So I am posting this as a new question.
Scenario:
Whilst the eth0 interfaces are on the same subnet, the peervpnXX interfaces are on different subnets:
Note that the peervpnXX interfaces are tunnel interfaces running on top of eth0.
Now the IP addresses assigned to each container are as follows:
What I am trying to do is to enable c1 to communicate to c3 via the middleman c2. In principle, I am trying to:
I created a routing rule on c1 & c3 to send packets to subnets 10.23.0.0/24 & 10.12.0.0/24 via interfaces peervpn12 and peervpn23. However, I think I am missing some forwarding rule that needs to be set up on c2.
PS: Assume that the 'eth0' interface is locked down and is used only as the underlying interface to route packets of the 'peervpnXX' interface.
Any help with regards to figuring this out is highly appreciated.
Thank You in advance.
Shabir
Managed to find the issue.
Whilst adding the route for the container in the other subnet, I hadn't correctly specified the gateway. The gateway still pointed to the host machine on which Docker is run (see above figure). So I added the correct routing rule specific to the two end containers, c1 & c3:
c1 - ip route add 10.23.0.0/24 via 10.12.0.1 dev peervpn12
c3 - ip route add 10.12.0.0/24 via 10.23.0.1 dev peervpn23
In the meantime, I also had to add the correct FORWARD rules to the c2 container's iptables:
iptables -A FORWARD -s 10.12.0.2 -i peervpn12 -d 10.23.0.2 -o peervpn23 -j ACCEPT
iptables -A FORWARD -s 10.23.0.2 -i peervpn23 -d 10.12.0.2 -o peervpn12 -j ACCEPT
With this setup I was able to achieve the flow I expected.
Thank you, and I don't know why it's down-voted.
Maybe if I know the reason I can correct myself in future :)
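As an added example (not the asker's own commands), the script below generates the two pieces of the fix above for the c1 -> c2 -> c3 path: the end-container routes with the correct next hop, and the c2 forwarding setup. It also includes a check that a FORWARD chain listing (the format of `iptables -S FORWARD`) permits exactly the two expected flows. The addresses and tunnel names are taken from the question; the helper names, the default-deny FORWARD policy, the ip_forward sysctl and the sample listings are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not the asker's commands. Generates the c1<->c3 routing and
# forwarding configuration and verifies a FORWARD chain listing against it.

# Commands to run on the middle container c2. Arguments:
#   $1 c1 address   $2 tunnel towards c1   $3 c3 address   $4 tunnel towards c3
# Forwarding is enabled, the chain defaults to DROP, and only the two
# specific flows (matched on source, destination, in- and out-interface)
# are accepted, so nothing else can be relayed through c2.
c2_forward_commands() {
  printf '%s\n' \
    "sysctl -w net.ipv4.ip_forward=1" \
    "iptables -P FORWARD DROP" \
    "iptables -A FORWARD -s $1 -i $2 -d $3 -o $4 -j ACCEPT" \
    "iptables -A FORWARD -s $3 -i $4 -d $1 -o $2 -j ACCEPT"
}

# Command to run on an end container: route the far tunnel subnet via c2's
# address on the container's own tunnel (not via the Docker host).
#   $1 far subnet   $2 c2's address on this tunnel   $3 tunnel interface
end_route_command() {
  printf 'ip route add %s via %s dev %s\n' "$1" "$2" "$3"
}

# Return 0 if the listing in $1 (output of `iptables -S FORWARD`) holds an
# ACCEPT rule for src $2 in $3 -> dst $4 out $5. Each match is applied as a
# separate grep so the option order in the listing does not matter.
has_forward_accept() {
  printf '%s\n' "$1" | grep -- '^-A FORWARD ' | grep -- " -s $2/32 " \
    | grep -- " -d $4/32 " | grep -- " -i $3 " | grep -- " -o $5 " \
    | grep -q -- ' -j ACCEPT$'
}

# Return 0 only when the chain policy is DROP (1 otherwise) and both
# directions between c1 ($2 on $3) and c3 ($4 on $5) are explicitly
# accepted (2: c1->c3 missing, 3: c3->c1 missing).
check_forward_ruleset() {
  printf '%s\n' "$1" | grep -qx -- '-P FORWARD DROP' || return 1
  has_forward_accept "$1" "$2" "$3" "$4" "$5" || return 2
  has_forward_accept "$1" "$4" "$5" "$2" "$3" || return 3
  return 0
}

# Constructed sample listings in `iptables -S FORWARD` format.
GOOD_LISTING='-P FORWARD DROP
-A FORWARD -s 10.12.0.2/32 -d 10.23.0.2/32 -i peervpn12 -o peervpn23 -j ACCEPT
-A FORWARD -s 10.23.0.2/32 -d 10.12.0.2/32 -i peervpn23 -o peervpn12 -j ACCEPT'

# Open policy with only one direction listed: replies still get through
# because of the ACCEPT policy, but so does any other traffic crossing c2.
BAD_LISTING='-P FORWARD ACCEPT
-A FORWARD -s 10.12.0.2/32 -d 10.23.0.2/32 -i peervpn12 -o peervpn23 -j ACCEPT'

# Print the configuration for the topology in the question.
end_route_command 10.23.0.0/24 10.12.0.1 peervpn12   # on c1
end_route_command 10.12.0.0/24 10.23.0.1 peervpn23   # on c3
c2_forward_commands 10.12.0.2 peervpn12 10.23.0.2 peervpn23   # on c2
```

The generated routes are the two `ip route add` lines from the answer; the forwarding commands add a default-deny FORWARD policy and the ip_forward sysctl, which the answer does not show but which c2 needs in order to relay packets at all. Running `check_forward_ruleset "$(iptables -S FORWARD)" 10.12.0.2 peervpn12 10.23.0.2 peervpn23` on c2 after applying the rules gives a quick pass/fail on the chain.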