I have two NICs on my hosts. After I configured eth1 I noticed that OpenSSH to the console changed to this interface.
Containers I started are only reachable over eth1. Containers in a stack are reachable over both NICs. Possibly iptables?
So, two questions:
How can I control on which ports SSH is running for the console?
How can I control on which network a container is reachable?
Regards
Guido
I think you’re saying that containers you manually start are only reachable over one interface but ones Rancher starts are reachable over both? Not sure about why that might be unless you are specifying an address when you map ports through.
You can do this by specifying a host address when port mapping (-p with docker run, ports: with compose).
In my experience SSH listens on all interfaces by default; as an example, from a host I run:
$ ss -ltn |grep 22
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
You have a few options around how you might control this:
- The easy option I suppose is to switch to a persistent console and then configure sshd in the usual way.
- I also wonder if it’s possible to use the default busybox console and use write_files to overwrite the /etc/ssh/sshd_config file, in a similar way to what is described here for ntp.conf: http://docs.rancher.com/os/configuration/write-files/
Looks to me like rancher/os-console:v0.6.1 runs with --net=host since it doesn’t show any ports:
[rancher@RancherOS ~]$ sudo system-docker port console
[rancher@RancherOS ~]$
Well, with publishing ports I can’t control on which interface a container is reachable. Guess I will now play a little with docker network create -d macvlan.
Thanks for helping
The console container is a bit ‘weird’ and I wouldn’t rely on the output of that command to be valid. The console container clearly does use port 22.
I’m not sure if that was a typo or what, but I said the complete opposite: you can control the interface if you are mapping ports with -p or ports:. For instance, to export port 80 on the host on address 10.11.12.99 and map it to port 8080 on a container:
docker run ... -p 10.11.12.99:80:8080 ...
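As an added example (not code from the thread, from Rancher or from Docker), here is the ss check from the earlier reply generalised into a small POSIX shell helper that reports which addresses a given port is bound on. It answers both questions in one place: where sshd is listening, and where a port published with -p 10.11.12.99:80:8080 actually ends up on the host. The ss output it runs against is constructed (the two sshd lines quoted above plus a hypothetical line for the published port 80); leave the second argument out to inspect the live host instead.

```sh
#!/bin/sh
# Added example, not code from the thread. Constructed `ss -ltn` sample: the
# two sshd lines quoted in the thread plus a hypothetical line for a port
# published with `docker run -p 10.11.12.99:80:8080`.
SAMPLE_SS='LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 10.11.12.99:80 *:*'

# listen_addrs PORT [SS_OUTPUT]
# Print the local address of every LISTEN socket bound on PORT, one per line.
# "*" and "::" mean every IPv4 / IPv6 interface; a concrete address means only
# that NIC. Without SS_OUTPUT the live host is inspected.
listen_addrs() {
  port=$1
  input=${2:-$(ss -ltn)}
  printf '%s\n' "$input" | awk -v p="$port" '
    $1 == "LISTEN" {
      laddr = $4                       # e.g. *:22, :::22, 10.11.12.99:80
      n = split(laddr, parts, ":")
      if (parts[n] == p)               # last colon-separated field is the port
        print substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
    }'
}

# listens_everywhere PORT [SS_OUTPUT]
# Succeed if PORT is bound on a wildcard address, i.e. reachable on every NIC.
listens_everywhere() {
  listen_addrs "$1" "$2" | grep -q -x -e '\*' -e '::'
}

# Demo against the constructed sample.
echo "sshd (22) bound on:";            listen_addrs 22 "$SAMPLE_SS"
echo "published port 80 bound on:";    listen_addrs 80 "$SAMPLE_SS"
```

On a host where sshd has no ListenAddress set you will see the wildcard "*" and "::" lines for port 22, which is why it answers on every NIC; a port published with a host address in front shows only that address, which is what limits the container to one interface.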