
Docker container can ping outside even if it has only a private network


I'm trying to create a Vagrant project with:

1. A VirtualBox VM (Ubonda) with internet access (bridged) that can communicate only with 2.
2. A Docker container (Slave-Connector) that can communicate with 1. (bridged) and with 3. (host only)
3. A Docker container (Slave1) that is only accessible by 2.

This is my VagrantFile:

Vagrant.configure("2") do |config|
  config.vm.define "ubonda" do |vm0|
    vm0.vm.box = "hashicorp/precise64"
    vm0.vm.provider "virtualbox"

    vm0.vm.network "public_network", ip: "192.168.1.75", bridge: "wlan0"
  end

  config.vm.define "slave-connector" do |vm1|
    vm1.vm.hostname = "slave-connector"
    vm1.vm.provider "docker" do |d|
      d.build_dir = "."
      d.name = 'slave-connector'
    end 

    vm1.vm.network :public_network, type: "dhcp", bridge: "wlan0", docker_network__ip_range: "192.168.1.252/24"
    vm1.vm.network :private_network,ip: "172.20.128.2", netmask: "16"
  end

  config.vm.define "slave1" do |vm2|
    vm2.vm.hostname = "slave1"
    vm2.vm.provider "docker" do |d|
      d.build_dir = "."
      d.name = 'slave1'
    end 

    vm2.vm.network :private_network,ip: "172.20.128.3", netmask: "16"
  end
end

I don't know why, but Slave1 can ping Ubonda even though it doesn't have access to it! How can I achieve this?


Solution

  • I think that the correct way of achieving this is to:

    1. Create docker network:
    docker network create bridge2 --gateway=192.168.50.1 --subnet=192.168.50.0/24
    
    2. Check the network id:
    docker network ls
    
    3. Put in the Vagrantfile:
        Vagrant.configure("2") do |config|
          config.vm.define "ubonda" do |vm0|
            vm0.vm.box = "hashicorp/precise64"
            vm0.vm.provider "virtualbox"

            # bridge: the Linux bridge Docker created for bridge2,
            # named br-<network id from step 2>
            vm0.vm.network "public_network", ip: "192.168.50.4", bridge: "br-9ed82ac09f1b"
          end

          config.vm.define "slave-connector" do |vm1|
            vm1.vm.hostname = "slave-connector"
            vm1.vm.provider "docker" do |d|
              d.build_dir = "."
              d.name = 'slave-connector'
            end

            vm1.vm.network :public_network, ip: "192.168.50.5", bridge: "br-9ed82ac09f1b"
            # docker_network__internal is passed to `docker network create` as --internal
            vm1.vm.network :private_network, ip: "50.20.128.2", netmask: "16", docker_network__internal: true
          end

          config.vm.define "slave1" do |vm2|
            vm2.vm.hostname = "slave1"
            vm2.vm.provider "docker" do |d|
              d.build_dir = "."
              d.name = 'slave1'
            end

            # Only attached to the internal network shared with slave-connector
            vm2.vm.network :private_network, ip: "50.20.128.3", netmask: "16", docker_network__internal: true
          end
        end
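
A check that could follow the steps above, as an added example that is not part of the original answer: it reads `docker network inspect` output and reports containers that are attached to any network not marked internal, which is the property `docker_network__internal: true` is meant to establish for slave1. The network name `private_net`, the container IDs and the sample JSON are constructed for illustration.

```python
import json

def sample_inspect(private_internal):
    """Constructed, trimmed `docker network inspect` output (not from a real host)."""
    return json.loads("""[
      {"Name": "bridge2", "Driver": "bridge", "Internal": false,
       "Containers": {"aaa111": {"Name": "slave-connector"}}},
      {"Name": "private_net", "Driver": "bridge", "Internal": %s,
       "Containers": {"aaa111": {"Name": "slave-connector"},
                      "bbb222": {"Name": "slave1"}}}
    ]""" % json.dumps(private_internal))

def egress_networks(networks):
    """Return {container name: [attached networks that can route off the host]}."""
    report = {}
    for net in networks:
        # A network created with --internal has no route to the outside; the
        # "null" driver (the built-in `none` network) has no interface at all.
        routable = not net.get("Internal", False) and net.get("Driver") != "null"
        for attached in (net.get("Containers") or {}).values():
            routes = report.setdefault(attached["Name"], [])
            if routable:
                routes.append(net["Name"])
    return {name: sorted(routes) for name, routes in report.items()}

def isolation_violations(networks, must_be_isolated):
    """Return {container: offending networks} for containers that must have no egress.

    A container missing from the inspected networks maps to None: it cannot be
    verified, so it is reported rather than silently treated as isolated.
    """
    report = egress_networks(networks)
    problems = {}
    for name in must_be_isolated:
        if name not in report:
            problems[name] = None
        elif report[name]:
            problems[name] = report[name]
    return problems

if __name__ == "__main__":
    cases = (("private network without --internal", False),
             ("private network with docker_network__internal: true", True))
    for label, internal in cases:
        print(label, "->", isolation_violations(sample_inspect(internal), ["slave1"]))
```

On a real host, pass the parsed output of `docker network inspect $(docker network ls -q)` instead of the sample, while the containers are running, since the `Containers` field only lists connected running containers.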