This question already has an answer here:
DOCKER: Linux Container on Windows 10, how to use nmap to scan device's mac address
My goal is to make my Linux container live on the same LAN as the host and other devices, because I need to use nmap frequently to scan the devices' MAC addresses on the LAN. Unfortunately, the nmap scanning only works when these machines all live on the same subnet.
I've tried several ways to make it happen, but all failed.
Although there are lots of instructions about how to do this, it seems like they are all for Docker for Linux.
For example, a very detailed set of instructions from Stack Overflow:
Docker on CentOS with bridge to LAN network is also not working for me.
Things I've tried:
Macvlan:
It seems like Docker for Windows 10 doesn't support macvlan, because I have no way to make a Windows network adapter the parent.
Pipework:
which only works on Linux systems, but I am using Windows 10.
Modify bip from daemon.json:
I tried this, which sets docker0 to a static IP, but the container is still not able to ping devices on the LAN. I guess it's because the container is placed behind NAT, and changing the docker0 bridge IP won't achieve my goal.
Run image with --net host:
which ifconfig shows:
docker0 Link encap:Ethernet HWaddr 02:42:2d:b8:0b:7c
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:2dff:feb8:b7c/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:540 (540.0 B)
eth0 Link encap:Ethernet HWaddr 02:50:00:00:00:01
inet addr:192.168.65.3 Bcast:192.168.65.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:111 errors:0 dropped:0 overruns:0 frame:0
TX packets:147 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9701 (9.7 KB) TX bytes:10384 (10.3 KB)
hvint0 Link encap:Ethernet HWaddr 00:15:5d:0d:52:27
inet addr:10.0.75.2 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::215:5dff:fe0d:5227/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:359819 errors:0 dropped:1303 overruns:0 frame:0
TX packets:1157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54740692 (54.7 MB) TX bytes:103676 (103.6 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:57 errors:0 dropped:0 overruns:0 frame:0
TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:5732 (5.7 KB) TX bytes:5732 (5.7 KB)
It's able to ping everything on my subnet, but the IP is still not from my subnet; it is 192.168.65.3.
Then I tried to change the eth0 IP to a static IP by editing /etc/network/interface.d/eth0. After restarting the networking service, the eth0 IP changed to a static IP from my subnet, but the network stopped working.
PLEASE help if anyone here knows how to place a Windows 10 Linux container on the same LAN as the host.
My Docker Version
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:12:48 2018
OS/Arch: windows/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:22:38 2018
OS/Arch: linux/amd64
Experimental: false
I'm still working on this, but your assertion that macvlan doesn't work on Windows 10 is incorrect. Using some of the instructions in the question you linked, I got a fairly functional macvlan network set up on Windows 10. I'm still wrestling with getting hosts on my network to be able to ping hosts on the macvlan network.
Here's what I did:
1. In an admin PowerShell window: Set-NetIPInterface -ifindex <interface_index> -Forwarding Enabled (use Get-NetAdapter to get the list of network adapters and their ifindex numbers)
2. docker network create routed0 --subnet 192.168.2.0/24, replacing 192.168.2.0/24 with the correct network number and netmask bits for the network you want to assign to the routed0 network
For me, this yielded a Docker network via which attached containers could successfully talk with internet hosts via the router for 192.168.1.0/24. However, I have yet to figure out how to configure the Windows 10 box acting as the gateway for 192.168.2.0/24 to actually act as a gateway (and do things like route ICMP requests from hosts on 1.0/24 to the Docker network 2.0/24 that it's hosting).
I had posted another question which has the same root cause as this question. Therefore, the same solution applies to both.
The solution is posted at
DOCKER: Linux Container on Windows 10, how to use nmap to scan device's mac address
Related
We have several devices that create an access point using wlan1 with hostapd. The problem is that all of them come with the same MAC address for wlan1, which translates into all the devices having the same BSSID, so when we have more than one device in range we cannot connect to any of them. We have tried to change the BSSID in several ways, and all of them have an effect on the HWaddr shown in the ifconfig output, but when we scan the network from a client, we don't see this change, but the original BSSID for all the devices instead.
We can see that the MAC address for this wlan1 interface is stored in /sys/class/net/wlan1/address, which is a read-only file with the content: 02:03:7f:d7:00:01, which is the BSSID that we see for all the devices.
The question is then how can we change the BSSID for the APs, so we can see an effect on the client side, resulting in different networks with different BSSIDs so we can establish connections to different devices when they are all in range?
Things we have tried to change the BSSID
With hostapd configuration file
/etc/hostapd_wlan1.conf
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
interface=wlan1
driver=nl80211
# WPA2-AES encryption
bssid=DC:EC:BE:91:EA:F1
ssid=ap-wlan1-ccee
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_passphrase=password-wpa2aes
# IEEE 802.11ac
hw_mode=a
channel=36
ieee80211ac=1
ieee80211n=1
Which is run with /usr/sbin/hostapd /etc/hostapd_wlan1.conf using SysVinit
ifconfig output after reboot
wlan1 Link encap:Ethernet HWaddr DC:EC:BE:91:EA:F1
inet addr:192.168.46.30 Bcast:192.168.46.255 Mask:255.255.255.0
inet6 addr: fe80::deec:beff:fe91:eaf1%lo/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1016 errors:0 dropped:0 overruns:0 frame:0
TX packets:977 errors:0 dropped:7 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:134304 (131.1 KiB) TX bytes:135467 (132.2 KiB)
With ip commands
ip link set wlan1 down
ip link set dev wlan1 address DC:EC:BE:91:EA:F1
ip link set wlan1 up
ifconfig output
wlan1 Link encap:Ethernet HWaddr DC:EC:BE:91:EA:F1
inet addr:192.168.46.30 Bcast:192.168.46.255 Mask:255.255.255.0
inet6 addr: fe80::deec:beff:fe91:eaf1%lo/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1016 errors:0 dropped:0 overruns:0 frame:0
TX packets:977 errors:0 dropped:7 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:134304 (131.1 KiB) TX bytes:135467 (132.2 KiB)
WirelessNetView result for any case
Changing the .conf is useless because every time you reboot, a new conf will replace it.
In /lib/netifd/wireless/mac80211.sh, in mac80211_prepare_vif(), try to change $macaddr, which is the final BSSID.
I hope this is helpful.
I have a stack with 2 services:
1. dockercloud/haproxy as load balancer
2. mycustom/nginx for ssl termination
I have 2 hosts and each service has 2 containers. One on every host.
Host 1:
* Haproxy-1 (IP: 10.7.0.9)
* Nginx-1 (IP: 10.7.0.7)
Host 2:
* Haproxy 2 (IP: 10.7.0.10)
* Nginx 2 (IP: 10.7.0.8)
The problem is that I can't connect from a container on host 1 to a container on host 2.
When connecting on host 1 and trying to traceroute Haproxy 2 (10.7.0.7) I get this:
traceroute to 10.7.0.7 (10.7.0.7), 30 hops max, 60 byte packets
 1  10.7.255.254 (10.7.255.254)  2997.863 ms !H  2997.704 ms !H  2997.684 ms !H
Any suggestions how to fix this?
Edit
docker info
Containers: 12
Running: 11
Paused: 0
Stopped: 1
Images: 12
Server Version: 1.11.1-cs1
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 90
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: null host bridge weavemesh
Kernel Version: 3.16.0-4-amd64
Operating System: Debian GNU/Linux 8 (jessie)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 5.813 GiB
Name: Debian-85-jessie-64-minimal
ID: BV3I:KVWH:L45Q:CV2D:IOTX:BG7W:YAUV:S4QG:AJ44:BTVK:J3VJ:RWJA
Docker Root Dir: /var/lib/docker
Debug mode (client): false
Debug mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
docker version
Client:
Version: 1.11.1-cs1
API version: 1.23
Go version: go1.5.4
Git commit: bfd1f99
Built: Wed Apr 27 22:35:34 2016
OS/Arch: linux/amd64
Server:
Version: 1.11.1-cs1
API version: 1.23
Go version: go1.5.4
Git commit: bfd1f99
Built: Wed Apr 27 22:35:34 2016
OS/Arch: linux/amd64
docker network ls
NETWORK ID NAME DRIVER
719bbcb667f2 bridge bridge
acb91ed95ada dockercloud weavemesh
c4be8b540ad6 host host
c57e28b9d274 none null
8d3859eb8bfd weave weavemesh
I used dockercloud to set up the services, so I didn't use any commands on my own.
EDIT 2
Here is ifconfig of nginx-1:
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:07
inet addr:172.17.0.7 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:7%32596/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:530 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:45267 (44.2 KiB) TX bytes:956 (956.0 B)
ethwe1 Link encap:Ethernet HWaddr DE:1C:3F:DF:E9:0C
inet addr:10.7.0.7 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::dc1c:3fff:fedf:e90c%32596/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1410 Metric:1
RX packets:62 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5164 (5.0 KiB) TX bytes:648 (648.0 B)
Here is ifconfig of nginx-2:
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:08
inet addr:172.17.0.8 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:8%32566/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:174 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14399 (14.0 KiB) TX bytes:2076 (2.0 KiB)
ethwe1 Link encap:Ethernet HWaddr B2:A0:36:AF:0B:95
inet addr:10.7.0.8 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::b0a0:36ff:feaf:b95%32566/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1410 Metric:1
RX packets:643722 errors:0 dropped:0 overruns:0 frame:0
TX packets:369311 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:66498273 (63.4 MiB) TX bytes:31055890 (29.6 MiB)
I've set up a CoreOS host with a publicly routable /64 IPv6 subnet.
From within the host I have a global IPv6 address which is working fine, but I can't get access to IPv6 hosts from within any Docker container.
These are my current settings for my Docker daemon:
DOCKER_OPTS=--dns 8.8.8.8 --dns 8.8.4.4 --ipv6 --fixed-cidr-v6='2a03:4000:6:e0d0::/64'
Adding --ip-forward=false or the Google IPv6 DNS servers doesn't help either.
It only works if I add --net=host, so I think I'm missing a fundamental network configuration part.
ifconfig from within an ubuntu:latest docker container shows this:
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
inet6 addr: 2a03:4000:6:e0d0:0:242:ac11:2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19 errors:0 dropped:4 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1565 (1.5 KB) TX bytes:676 (676.0 B)
What special configuration do I need to do to get this working?
Here is how I run my docker container -
docker run --name docker-test-server -p 5000:5000 -p 4444:4444
Container OS - Ubuntu 14.04 LTS
Now since I have mapped 4444 of container to that of machine, I try to connect -
root#localhost:/var/repo# nc -vz 127.0.0.1 4444
Connection to 127.0.0.1 4444 port [tcp/*] succeeded!
Now I enter the shell -
docker exec -it docker-test-server /bin/bash
Successfully entering, I try to get the IP address of the machine.
root#ec919687cda8:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:09
inet addr:172.17.0.9 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2227 errors:0 dropped:0 overruns:0 frame:0
TX packets:2199 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:166686 (166.6 KB) TX bytes:121473 (121.4 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Now I come out of the container, and try to connect to the container from the machine where the container is running by providing the IP address of container found in ifconfig -
nc -vz 172.17.0.9 4444
nc: connect to 172.17.0.9 port 4444 (tcp) failed: Connection refused
Could someone please explain to me
why I am unable to connect to the machine?
What can I do to connect to the machine?
I am running a bare container that just installs ubuntu 14.04 and exposes 2 ports. Nothing fancy.
Thanks.
You need to either disable the firewall or add the port to your Ubuntu firewall by using sudo ufw disable or sudo ufw
I was also facing the same issue but instead of connection refused, I got timeout.
I've installed Docker on several Ubuntu servers.
The docker0 interfaces that Docker creates all have the same IP (172.17.42.1).
$ ifconfig docker0
docker0 Link encap:Ethernet HWaddr 56:84:7a:fe:97:99
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2100 (2.1 KB) TX bytes:547 (547.0 B)
Can I hardcode the IP address, so that I can contact the host machine from containers?
Will the docker0 change to another IP in the future?
You are looking at the bridge that Docker creates (by default) for the containers that it runs. This bridge works pretty much like an Ethernet switch on that machine - traffic coming onto the bridge from one interface is available to all other connected interfaces.
If you look further, you will see that every container also has a Virtual Ethernet device which is assigned an individual IP address. Detailed Docker docs on networking.
Can I hardcode the IP address, so that I can contact the host machine from containers?
This doesn't follow - you can always contact the host machine from containers, irrespective of what IP addresses are assigned to the bridge and the containers. Did you mean to ask something else?
Will the docker0 change to another IP in the future?
Yes, if that address space is occupied then Docker will attempt to find a different bit of private IP address space to use for the bridge and containers.
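An added example, not part of the original answer: because the bridge address can change, a container can look up its default gateway at run time instead of hardcoding 172.17.42.1. It assumes a Linux container on Docker's default bridge (where the container's default gateway is the host's docker0 address) and a little-endian CPU; the route table embedded below is constructed sample data.

```python
import os
import socket
import struct

# Constructed sample of /proc/net/route inside a container on the default
# bridge. Addresses are hex words in little-endian byte order.
SAMPLE_ROUTE_TABLE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t012A11AC\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "eth0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n"
)

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # destination is reached through a gateway


def hex_to_ipv4(hex_addr):
    """Convert a /proc/net/route hex word (little-endian host assumed) to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def default_gateway(route_table_text):
    """Return (interface, gateway_ip) for the default route, or None if absent."""
    for line in route_table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue  # ignore blank or truncated rows
        iface, dest, gateway, mask = fields[0], fields[1], fields[2], fields[7]
        flags = int(fields[3], 16)
        is_default = dest == "00000000" and mask == "00000000"
        if is_default and flags & RTF_UP and flags & RTF_GATEWAY:
            return iface, hex_to_ipv4(gateway)
    return None


if __name__ == "__main__":
    # Use the live table when run inside a Linux container, else the sample.
    path = "/proc/net/route"
    if os.path.exists(path):
        with open(path) as handle:
            table = handle.read()
    else:
        table = SAMPLE_ROUTE_TABLE
    print(default_gateway(table))
```

On a user-defined Docker network the same lookup returns that network's gateway rather than docker0.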