Changing Docker's default subnet IP range

Jul 13, 2023 by Georgi Nikolov | 8370 views

Docker Linux Windows

https://cylab.be/blog/277/changing-dockers-default-subnet-ip-range

Docker containers have become widely used to deploy and maintain critical parts of infrastructure. The problem is that sometimes some of the containers running may interfere with other parts of the network.

I ran into a problem trying to deploy a machine to pull data from our experimental ELK stack, deployed in our cyber range. The ELK stack is accessible at an IP address starting with 172.17.*.* , which already at first glance, for someone with experience with Docker, will ring some alarms. Docker's default network is set-up to use the 172.17.0.0 range of IP addresses and this can lead to problems when trying to establish a connection between a docker container and another machine. Luckily, there is an easy solution to fix this!

Changing Docker's default subnet IP range

First we should confirm what default subnet Docker is using by running netstat -rn in the terminal.

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.67.42.0      0.0.0.0         255.255.255.0   U         0 0          0 enx04b9e3c01593
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlp4s0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0

The last line shows the subnet Docker will be using by default.

We need to create a new file, called "daemon.json", which as the name implies, will change the configuration of the Docker daemon. The file needs to be created in /etc/docker/ folder. The folder is protected, so we should create the file as a root.

sudo touch /etc/docker/daemon.json

In windows, the file should be created in C:\ProgramData\Docker\config\daemon.json.

Next we need to open the file and add some lines to it. Best is to use terminal tools such as vi or nano, depending on your preferences. We need to add some lines to the json file in the form of:

{
  "default-address-pools":
  [
    {"base":"198.10.0.0/16","size":24}
  ]
}

Finally we can restart the dockerd service:

sudo service docker restart

In Windows, his can be done via the Docker desktop interface, by accessing the "Troubleshoot" icon on the top and selecting the "Restart Docker Desktop" option.

Best to check again the routing table via the netstat -rn command just to be sure it worked.

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.67.42.0      0.0.0.0         255.255.255.0   U         0 0          0 enx04b9e3c01593
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlp4s0
198.10.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0

In 5 easy steps we have fixed any possible issues relating to the subnet Docker uses by default!

This blog post is licensed under CC BY-SA 4.0

Changing Docker's default subnet IP range

GitLab : fix "cgroups: cgroup mountpoint does not exist: unknown"

If you use GitLab pipelines to build Docker image, you may encounter the error "cgroups: cgroup mountpoint does not exist: unknown". Here is how to fix...

Mar 27, 2024 | 138 views

Continuous Deployment with GitLab and docker-compose

In this blog post we will show how to implement continuous deployment with GitLab and docker compose. More precisely, we will show how to use a gitlab-ci pipeline to:

Sep 19, 2023 | 8997 views

Use Loki to monitor the logs of your docker compose application

Loki is a log database developed by Grafana Labs. It is similar to Elasticsearch, with some major conceptual differences:

Oct 26, 2022 | 21970 views

This website uses cookies. More information about the use of cookies is available in the cookies policy.