Community Container in LAN - how to

dandtech · December 31, 2023, 12:54pm

Hi there,

Start using Greenbone Community Docker Containers.
My host is linux OS - install all OK.
I can login on the web interface 127.0.0.1:9392. All good.

Trouble:
Because the containers as per official workflow using docker-compose installation are using docker bridge they are in a different LAN (172.18.0.1/16) and can’t scan IPs from host’s LAN (192.168.1.1/24)
How and what to adjust to make them in 192.168.1.1/24?

Thank you,
D.D.

rippledj · January 1, 2024, 2:48pm

To make a Docker container have an IP address on the same subnet as the host, you would typically use Docker’s ‘macvlan’ network driver. This driver makes it possible for the container to appear as a physical device on your network, having its own IP address on the host’s subnet.

dandtech · January 1, 2024, 5:00pm

Hi rippledj,

The current containers run/start using docker-compose. How to modify the .yml file to change the network of the containers to “macvlan” instead of the default?

Thank you!
D.D.

rippledj · January 2, 2024, 2:59pm

I see how the official macvlan documentation doesn’t provide you with all the information you need since it does not cover docker-compose.yml implementation. However, I suggest you also read the docker compose documentation to understand how it works.

You can add macvlan networking to the docker-compose.yml file as follows, but I’m not 100% sure that this solution will provide a fully functional set of Greenbone Docker containers. You may need someone with more experience of how Greenbone works with Docker to confirm.

At the bottom of the docker-compose.yml file you need to add the network configuration and give it a name.

networks:
  macvlan_network:
    driver: macvlan
    driver_opts:
      parent: eth0  # Replace with your host's network interface
    ipam:
      config:
        - subnet: 192.168.1.0/24 
          gateway: 192.168.1.1

You also need to add this newly created network configuration to components. So you should add this to the ospd-openvas service.

    networks:
      - macvlan_network
      - default

This will add the container to both the macvlan network and the default network. The container needs to still be on the default network in order to communicate with other containers and volumes.

Then you can check the IP address assigned to the container.

docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container_id>

It should show two IP addresses one should be on your local network. However, I’m not sure this is enough for a fully functional Greenbone instance that can see devices on the local network.

dandtech · January 2, 2024, 5:05pm

Thank you rippledj!
For sure I have to get into the details about docker-compose yml file.