From ff2b88202229d71803fa4759c8b0bb0842e6e1c1 Mon Sep 17 00:00:00 2001 From: Eugene Yakubovich Date: Tue, 16 Sep 2014 20:00:15 -0700 Subject: [PATCH] Add an option to disable IP masquerading For the cases where --bip option is used it is sometimes best to disable IP masquerading as the provided bridge IP range may be routable. Signed-off-by: Eugene Yakubovich Upstream-commit: a492b97cd047ad58ade8e332088f92aa040f8b54 Component: cli --- components/cli/docs/sources/reference/commandline/cli.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/components/cli/docs/sources/reference/commandline/cli.md b/components/cli/docs/sources/reference/commandline/cli.md index a43f485b48..74f1b7b3e5 100644 --- a/components/cli/docs/sources/reference/commandline/cli.md +++ b/components/cli/docs/sources/reference/commandline/cli.md @@ -67,6 +67,7 @@ expect an integer, and they can only be specified once. --icc=true Enable inter-container communication --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward + --ip-masq=true Enable IP masquerading for bridge's IP range. --iptables=true Enable Docker's addition of iptables rules --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available @@ -110,6 +111,10 @@ the `-H` flag for the client. $ sudo docker ps # both are equal +IP masquerading uses address translation to allow containers without a public IP to talk +to other machines on the Internet. This may interfere with some network topologies and +can be disabled with --ip-masq=false. + To run the daemon with [systemd socket activation]( http://0pointer.de/blog/projects/socket-activation.html), use `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but