docker-compose creates a network which is not inside the company’s VPN

  docker, docker-compose, firewall, java, vpn

Intro

  • I have a microservice running inside a docker container.
  • The docker container is running on the company’s server (Debian 10) with the IP address 141.45.146.55.
  • The company's IP addresses are of the form 141.45.0.0/16 (see the iptables rules below).
  • This microservice needs to talk with another server with the following IP address: 141.45.11.192.

Problem

Everything works fine, until I turn on the following VPN:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  141.45.0.0/16        anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8443 state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8636 state NEW,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (0 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:postgresql
ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.18.0.4           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.18.0.5           tcp dpt:https

Chain DOCKER-ISOLATION-STAGE-1 (0 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target     prot opt source               destination

Chain DOCKER-USER (0 references)
target     prot opt source               destination

The microservice now throws an exception: Caused by: java.net.ConnectException: Connection timed out

What I did so far

Looking at the iptables rules, we can see that the network addresses created by docker-compose are different from the IP addresses of the company. So I think that's the point, because if I am outside the company's network I am not able to connect to the target server.

Question

How do I configure docker(-compose) to be inside the company's VPN, in order to be accepted by the remote server?

Source: Docker Questions
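
An added example, not part of the original post: a small Python parser for the `iptables -L` listing above (abridged and embedded inline) that reports chains nothing jumps to and rule destinations outside the 141.45.0.0/16 range named in the post. The function names are made up for this sketch.

```python
import ipaddress
import re

# Abridged copy of the `iptables -L` listing from the post.
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  141.45.0.0/16        anywhere

Chain DOCKER (0 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:postgresql
ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:https

Chain DOCKER-USER (0 references)
target     prot opt source               destination
"""

COMPANY_NET = ipaddress.ip_network("141.45.0.0/16")  # range given in the post
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|(\d+) references)\)")

def parse_listing(text):
    """Return {chain: {"policy", "references", "rules"}} from `iptables -L` text."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            refs = int(m.group(3)) if m.group(3) is not None else None
            current = {"policy": m.group(2), "references": refs, "rules": []}
            chains[m.group(1)] = current
        elif current is not None and line.strip() and not line.startswith("target"):
            target, _prot, _opt, source, dest = line.split()[:5]
            current["rules"].append({"target": target, "source": source, "destination": dest})
    return chains

def unreferenced_chains(chains):
    """User-defined chains that no other chain jumps to, so their rules never match."""
    return sorted(name for name, c in chains.items() if c["references"] == 0)

def destinations_outside(chains, network):
    """Literal destination IPs in any rule that fall outside `network`."""
    found = set()
    for rule in (r for c in chains.values() for r in c["rules"]):
        try:
            if ipaddress.ip_address(rule["destination"]) not in network:
                found.add(rule["destination"])
        except ValueError:
            pass  # "anywhere", hostnames, CIDR ranges
    return sorted(found)
```

In the posted listing every DOCKER* chain shows 0 references, meaning no rule in the filter table jumps to it. The nat table is not shown in the post, so this check says nothing about whether container traffic is masqueraded to the host address.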
