Hi there,
Start using Greenbone Community Docker Containers.
My host is linux OS - install all OK.
I can login on the web interface 127.0.0.1:9392. All good.
Trouble:
Because the containers as per official workflow using docker-compose installation are using docker bridge they are in a different LAN (172.18.0.1/16) and can’t scan IPs from host’s LAN (192.168.1.1/24)
How and what to adjust to make them in 192.168.1.1/24?
Thank you,
D.D.
To make a Docker container have an IP address on the same subnet as the host, you would typically use Docker’s ‘macvlan’ network driver. This driver makes it possible for the container to appear as a physical device on your network, having its own IP address on the host’s subnet.
1 Like
Hi rippledj,
The current containers run/start using docker-compose. How to modify the .yml file to change the network of the containers to “macvlan” instead of the default?
Thank you!
D.D.
I see how the official macvlan documentation doesn’t provide you with all the information you need since it does not cover docker-compose.yml implementation. However, I suggest you also read the docker compose documentation to understand how it works.
You can add macvlan networking to the docker-compose.yml file as follows, but I’m not 100% sure that this solution will provide a fully functional set of Greenbone Docker containers. You may need someone with more experience of how Greenbone works with Docker to confirm.
At the bottom of the docker-compose.yml file you need to add the network configuration and give it a name.
networks:
macvlan_network:
driver: macvlan
driver_opts:
parent: eth0 # Replace with your host's network interface
ipam:
config:
- subnet: 192.168.1.0/24
gateway: 192.168.1.1
- You also need to add this newly created network configuration to components. So you should add this to the ospd-openvas service.
networks:
- macvlan_network
- default
This will add the container to both the macvlan network and the default network. The container needs to still be on the default network in order to communicate with other containers and volumes.
Then you can check the IP address assigned to the container.
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container_id>
It should show two IP addresses one should be on your local network. However, I’m not sure this is enough for a fully functional Greenbone instance that can see devices on the local network.
2 Likes
Thank you rippledj!
For sure I have to get into the details about docker-compose yml file.