Containers are accessed by their gateway address rather than by their given address

I created a container, paired it with a network… :thinking:… it looks like this:

$ show container

name dns {
  network dns {
    address xxx.xxx.0.53
  }
}
network dns {
  prefix xxx.xxx.0.0/24
}

I actually started writing this months ago; since then I learned that veth interfaces are used for it, and that they connect to a bridge of veth interface pairs in which the common gateway address is assigned, the x.x.x.1 or equivalent.

The container does indeed appear to have received the address assigned (…53), according to the container itself (ip a and the like), but from the network it wouldn’t respond on its own address.

I started ping tests from the container, observed the traffic from wherever I could (firewalls, switches, etc.) and learned that it came from the address that is supposed to be the container’s gateway address (…1), and indeed it responded to that address, yet that’s not what it believes, so to speak, nor what it’s supposed to have as its address.

Why? Did I misunderstand that set container network dns prefix '10.53.0.53/32' [1] sets the container’s address to 10.53.0.53? If that’s not what that’s for, how can I set fixed direct addresses on containers? macvlan/ipvlan/macvtap/ipvtap for instance. I tried that too on my own but failed spectacularly. I had the most perfect config and I had to shut it down. :frowning:

Thanks for your help.

[1] I also tried CIDRs less shorter than a /30 BTW, but normally, at least for virtual IP addrs, /32s work summarized in a /24 over OSPF.

Having the network and container name the same is a bit confusing at first glance.

I don’t think the network prefix with /32 can work since it is a network with the first ip reserved for the gateway and the rest for containers.

I run Tailscale as a container using a container network in a similar way. Since it is a subnet router I have traffic going through it in both directions and I see it coming from/going to the container IP.

Which version are you running?
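An added example, not part of the original posts and not the project's own code: a pre-commit sanity check for a container network prefix and a fixed container address. It assumes the layout described in the reply above (first host address reserved for the gateway, the rest for containers) and excludes the network and broadcast addresses; the function name is hypothetical and the 10.53.0.x values are taken from the question.

```python
import ipaddress


def check_container_address(prefix: str, address: str) -> list[str]:
    """Return a list of problems; an empty list means prefix and address fit together."""
    try:
        # strict=True rejects a host address given as the prefix (e.g. 10.53.0.53/24).
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return [f"prefix {prefix!r} is not a valid network: {exc}"]
    try:
        addr = ipaddress.ip_address(address)
    except ValueError as exc:
        return [f"address {address!r} is not valid: {exc}"]

    # Assumed layout: network address, gateway (first host), containers, broadcast.
    # Anything smaller than four addresses has no room for gateway plus a container.
    if net.num_addresses < 4:
        return [f"prefix {net} has no room for a gateway and a container address"]

    gateway = net.network_address + 1
    problems = []
    if addr not in net:
        problems.append(f"address {addr} is outside prefix {net}")
    elif addr == gateway:
        problems.append(f"address {addr} collides with the assumed gateway {gateway}")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append(f"address {addr} is the network or broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # Constructed cases: the /32 from the question, then a /24 that leaves room.
    cases = [
        ("10.53.0.53/32", "10.53.0.53"),
        ("10.53.0.0/24", "10.53.0.53"),
        ("10.53.0.0/24", "10.53.0.1"),
    ]
    for prefix, address in cases:
        result = check_container_address(prefix, address)
        print(prefix, address, "->", result or "ok")
```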
