Correct modification steps for Docker's default network segment

Correct modification steps for Docker's default network segment

background

A colleague is working on his security project and needs to deploy his secret weapon on an AWS server. The secret weapon is deployed through Docker. Before deployment, the server can be logged in through the intranet and extranet ssh of the jump server. After deployment, the server can only be logged in through the extranet ssh.......; the symptoms are just like this, how to prescribe the medicine depends on the medical skills.....

Check your heart journey

1. Before deploying the secret weapon, it can be used in the internal and external networks; after deployment, it can only be used in the external network. Looking at this symptom, it is a network firewall problem, so~~~

1) iptables -F

2) setenforce 0

3) On AWS, set the security group of this server to inbound 0.0.0.0 (this is purely for testing, don’t do it in a formal environment~~~)

2. Is the ssh failure because the ssh configuration file has been modified? Because the port has been changed, is there a configuration in the ssh configuration file that controls whether internal and external networks can log in? So~~~

vim /etc/ssh/sshd_config and make some random changes (this shows that I don’t know enough about ssh and I’m not familiar with the configuration files, so I need to learn)

3. What the hell is this? The network is OK, and the security group is fine. For some reason, I thought of routing. I used route -n to take a look. Wow, so many routes. When I saw these routes, one of them was 172.29.0.0 (the network segment of our jump server is very similar to this one). I vaguely felt that there was a problem here (a woman's intuition is not only used to judge whether her boyfriend has a dog outside, but also whether he loves her; her intuition is still quite accurate here, haha); so~~~

 route -n
 route del -net 172.22.32.0 netmask 255.255.255.0
 route del -net 172.23.32.0 netmask 255.255.255.0
 ......

As long as all the routes related to the container are killed, and then ssh to the intranet from the jump server, wow~~~wow~~~it works, so excited~~~~

4. It was confirmed that it was the problem of that route. The network segment allocated by this container conflicted with the network segment of the jump server, so ~~~~

 route add -net 172.22.32.0 netmask 255.255.255.0
 ......

Add all the routes you just deleted except the conflicting one. Now it's time to solve this problem.

The solution at that time

After thinking about it, since there is a conflict, I must change the network segment of this container. How to change it? I used an extremely stupid method. I stopped and deleted this container, and restarted it with docker-compose. It reallocated a new network segment and there was no conflict.

Fundamental solution

Before starting the container, change the entire Docker network to one that does not conflict with our own network segment, so that Docker will always only allocate the network segment we set for it.

Operation steps: Modify docker.json to change the network segment of the entire docker. The original network segment was 172, and now I want to change it to 192

1) vim /etc/docker/daemon.json (if this file does not exist, create it yourself)

{
 "bip":"192.168.0.1/24"
}

2) Restart Docker

systemctl restart docker

3) Recheck the network segment

Note: You should think about this when initially planning to use the Docker container, and plan what network segment to use; the above method requires restarting Docker and the container;

doubt

Is there any better way to modify the network segment without stopping or deleting the container? (I will add more after I have done my research)

Summarize

1: Not familiar with the ssh configuration file (I need to go through it systematically sometime)

2: Be familiar with the network, especially routing. To be honest, I still can't explain the specific role of routing. I can only understand it intuitively. I just know that I can't do without it (after I finish the PMP exam during this period, I will start reading those books on Cisco. I won't talk about the certification, but I will read those books carefully first to strengthen my network)

3: Not familiar with Docker network mode (read the official documentation of Docker network carefully in the next period of time)

Well, that’s all for this article. I hope the content of this article will be of certain reference value to your study or work. Thank you for your support of 123WORDPRESS.COM.

You may also be interested in:
  • How to modify the default network segment of Docker0 bridge in Docker
  • Detailed explanation of Docker container cross-host multi-network segment communication solution
  • Docker realizes the connection with the same IP network segment
  • Docker specifies an IP address that is in the same network segment as the host.
  • How does Docker allocate host network segment IP?
  • Docker container specifies a fixed IP/static IP address in a custom network segment
  • Analysis of the implementation method of modifying the default network segment of Docker

<<:  Implementation example of uploading multiple attachments in Vue

>>:  mysql 5.7.19 latest binary installation

Recommend

The difference and usage of LocalStorage and SessionStorage in vue

Table of contents What is LocalStorage What is Se...

MySQL derived table (Derived Table) simple usage example analysis

This article uses an example to describe the simp...

How to install Jenkins on CentOS 8

To install Jenkins on CentOS 8, you need to use t...

Sample code for implementing neon button animation effects with CSS3.0

Today I will share with you a neon button animati...

Detailed tutorial on building Gitlab server on CentOS8.1

There is no need to say much about the difference...

Web skills: Multiple IE versions coexistence solution IETester

My recommendation Solution for coexistence of mul...

Solution to the problem of mysql service starting but not connecting

The mysql service is started, but the connection ...

Three solutions for sub-functions accessing external variables in JavaScript

Preface When we write web pages, we will definite...

Native js to achieve star twinkling effect

This article example shares the specific code of ...

Vue implements irregular screenshots

Table of contents Image capture through svg CSS p...

Several ways to use require/import keywords to import local images in v-for loop

Table of contents Problem Description Method 1 (b...

js implements the algorithm for specifying the order and amount of red envelopes

This article shares the specific code of js to im...

A brief discussion on several specifications of JS front-end modularization

Table of contents Preface The value of front-end ...

Upgrade MySQL 5.1 to 5.5.36 in CentOS

This article records the process of upgrading MyS...