How to Attach Multiple Networks to Docker

If you have your networks isolated from each other (as you should), attaching multiple networks to docker is not a straightforward process.

For this example, we will be deploying guacamole using docker-compose

The first step is to set up your network on your platform. I'm hosting docker in a VM - you can also host it in an LXC. The steps will be slightly different for each of those

Setting up networking in a virtual machine

After passing in your interfaces to the VM, edit the file /etc/netplan/99-config.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      addresses:
        - 10.0.0.7/24
      routes:
        - to: 0.0.0.0/0
          via: 10.0.0.1
          metric: 100
      nameservers:
        addresses: [8.8.8.8]
      routing-policy:
        - from: 10.0.0.0/24
          table: 100
    ens20:
      addresses:
        - 10.0.10.7/24
      routes:
        - to: 0.0.0.0/0
          via: 10.0.10.1
          metric: 200
      nameservers:
        addresses: [8.8.8.8]
      routing-policy:
        - from: 10.0.10.0/24
          table: 200

Restart your virtual machine and confirm the network is up using ip a

Setting up networking in an LXC

If you're hosting docker in an LXC, edit the file /etc/network/interfaces

auto lo
iface lo inet loopback

auto ens18
iface eth0 inet static
        address 10.0.0.7/24
        gateway 10.0.0.1

auto ens20
iface eth10 inet static
        address 10.0.10.7/24
        gateway 10.0.10.1

Creating networks in docker

Get shell access to your docker host and create the following networks

docker network create --driver bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 <network_name>

docker network create --driver bridge --subnet=172.29.10.0/24 --gateway=172.29.10.1 --opt com.docker.network.bridge.name=<interface_name> <network_name>

For this example, we will assume the network_name for both networks to be host_main and host_admin

For interface_name, we will take it to be ens20

Docker stack

While deploying guacamole, we simply mention the two networks we created earlier

version: "2"
services:
  guacamole:
    image: oznu/guacamole
    container_name: guacamole
    volumes:
      - postgres:/config
    ports:
      - 8080:8080
    networks:
      - host_admin
      - host_main
      
volumes:
  postgres:
    driver: local

networks:
  host_admin:
    external: true
  host_main:
    external: true

Confirming your changes

As the final step, run the following command to confirm that your network has been passed through successfully to the guacamole container

docker exec -it guacamole ip a

Below, you can see that both our networks are attached and in the UP state.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
44: ens18@if45: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
46: ens20@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:1d:0a:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.29.10.2/24 brd 172.29.10.255 scope global eth1
       valid_lft forever preferred_lft forever