Isolated networking #5

Open
pablofrommars opened this issue Nov 19, 2021 · 6 comments

@pablofrommars

pablofrommars commented Nov 19, 2021

Thanks for your work, this has been very valuable already.

Apologies if this is off topic as it is more a question than an actual issue. I would like to be able to create an isolated network for multiple containers running on the same host alongside zerotier-docker. Basically sharing the interface created by your image with a group of containers. Is this a use case you have experimented with before?

@zyclonite
Owner

I have not tried that before, but I would play with iptables on the host to forward packages between the docker network and the zt interface.

@zyclonite
Owner

I guess that's possible now with the -router tag of this container. You can simply create a container network and have one zerotier container as a gateway routing only into this virtual network.

@Paraphraser
Contributor

Rather than open a new issue, I'll just mention here that the main page on DockerHub probably needs updating too.

@zyclonite
Owner

True, I will update it.

@PovilasID

I have taken a slightly different approach.

  1. Removing --net=host so the container gets isolated inside of its own network
  2. Change the default port away from 9993 to avoid collisions if running multiple instances.
    Add volume ./zerotier_config:/var/lib/zerotier-one and inside of it create file local.conf and add:

```json
{
  "settings": {
    "primaryPort": 9997
  }
}
```

  3. In another container that needs access to ZT network set network_mode: container:zerotier_container_name (this step can differ)
    This way you can have multiple ZT containers running with access to different networks without exposing these networks to the host.

@airtonix

airtonix commented Apr 25, 2024

@PovilasID cheers.

```yaml
---
version: "3.8"

services:
  arma-reforger:
    image: ghcr.io/acemod/arma-reforger:latest
    platform: linux/amd64
    # left here for posterity
    # ports:
    #   - "2001:2001/udp"
    #   - "17777:17777/udp"
    #   - "19999:19999/udp"

    volumes:
      - ./reforger/configs:/reforger/Configs
      - ./reforger/profile:/home/profile
      - ./reforger/workshop:/reforger/workshop

    environment:
      - ARMA_CONFIG
      - SERVER_PUBLIC_ADDRESS

    network_mode: service:zerotier

  zerotier:
    image: zyclonite/zerotier:latest
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - ./zerotier:/var/lib/zerotier-one
```

preparation zerotier:

  1. create an empty file ./zerotier/networks.d/YOUR_NETWORK_ID.conf
  2. create a file ./zerotier/local.conf with content

```json
{
  "settings": {
    "primaryPort": 9997
  }
}
```

  1. docker compose run zerotier
  2. log in to zerotier
  3. auth the new connection
  4. use the provided IP address as SERVER_PUBLIC_ADDRESS

preparation arma reforger

  1. start Arma Reforger (the client) > Multiplayer > Host
  2. pick mods
  3. set public and bind ip address to same as #4
  4. press Save (note the saved file) as ARMA_CONFIG
  5. move that file to ./reforger/configs/

start:

  1. ARMA_CONFIG=Config_CombatOpsEveronRHSUSMC.json SERVER_PUBLIC_ADDRESS=1.2.3.4 docker compose up
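Added example, not part of the thread or of the zerotier-docker project: a small Python audit of the setup described in the two comments above, reporting which services share a ZeroTier container's network namespace and flagging host networking and duplicate `primaryPort` values (9993 when `local.conf` sets none). The `audit` function, the sample data and the second instance `zerotier-b` are constructed for illustration, and `container:` targets are treated as service names.

```python
import json
from collections import defaultdict

DEFAULT_PORT = 9993  # ZeroTier default port named in the thread


def audit(services, zt_confs):
    """services: compose 'services' mapping (hypothetical parsed form).
    zt_confs: {zerotier service name: text of its local.conf, '' if absent}."""
    findings, joined = [], defaultdict(list)
    for name, svc in services.items():
        mode = svc.get("network_mode", "")
        if mode.startswith(("service:", "container:")):
            target = mode.split(":", 1)[1]
            joined[target].append(name)
            if svc.get("ports"):
                findings.append(f"{name}: publishes ports while sharing {target}'s namespace")
    for zt in zt_confs:
        if services.get(zt, {}).get("network_mode") == "host":
            findings.append(f"{zt}: network_mode host exposes the ZeroTier interface to the host")
        if not joined.get(zt):
            findings.append(f"{zt}: no service joins its network namespace")
    ports = defaultdict(list)
    for zt, text in zt_confs.items():
        settings = json.loads(text or "{}").get("settings", {})
        ports[settings.get("primaryPort", DEFAULT_PORT)].append(zt)
    for port, owners in sorted(ports.items()):
        if len(owners) > 1:
            findings.append(f"primaryPort {port} shared by {', '.join(sorted(owners))}")
    return dict(joined), findings


# Constructed sample: the compose file from the comment above plus a second,
# deliberately misconfigured ZeroTier instance.
SERVICES = {
    "arma-reforger": {"network_mode": "service:zerotier"},
    "zerotier": {"cap_add": ["NET_ADMIN", "SYS_ADMIN"], "devices": ["/dev/net/tun"]},
    "zerotier-b": {"network_mode": "host"},
}
CONFS = {
    "zerotier": '{"settings": {"primaryPort": 9997}}',
    "zerotier-b": '{"settings": {"primaryPort": 9997}}',
}

if __name__ == "__main__":
    shared, problems = audit(SERVICES, CONFS)
    print(shared)
    print("\n".join(problems))
```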
