Communication between two servers using Portainer

Hi Everyone,

Wondering if anyone can help. I have two servers on the same domain sitting behind 1 firewall. One server has Portainer installed with a gateway of 172.17.0.1 and a subnet of 172.17.0.0/16. Server two can ping the main gateway of 172.17.0.1 but can't communicate with any device behind that gateway. Any ideas why and how I can resolve this?

Kind Regards

Jack

I think you need to enable IPv4 forwarding and iptables MASQUERADE on the gateway.

With it being 2 servers, would it be worth just creating a swarm and an overlaying network? Is this better practice in your opinion?

Thank you for your reply btw.

I assume other than creating a swarm and overlay network this would be what you are talking about Mark?

So, 172.17.0.0 is the docker vlan?

If you set up an overlay network, you would still need something to forward/proxy requests from outside to inside. So if you want to hit 172.17.0.5 and your client only has routing information to get to 172.17.0.1, then that machine needs to have routing set up on it with IPv4 forwarding and iptables masquerade.

If you set up the overlay network, you could use docker-compose to bring up an nginx proxy and configure it to proxy requests to 172.17.0.5 (or whatever IP/service is on the overlay network).

I think this is more easily solved with regular networking. On the client you tell it that any request for 172.17.0.0 should route through 0.1 GW. On the GW, forward packets, and use iptables to do NAT / masquerade from the 172.17 interface to the subnet.

You can really only talk to swarm overlay networks if you are another swarm (or compose) service running on a node that is part of the swarm (I think), and they have to be attachable overlay networks (just a flag, not a big deal). If they’re not attachable then only services launched with docker stack deploy can use them.

I haven’t had success with traefik, but you could look at that as some kind of automatic routing endpoint/gateway from outside the network into the docker networks. It’s basically nginx with a lot of plugins that auto-configure stuff for docker and other infrastructure mgt tools.

https://traefik.io/

Thank you for your feedback. It should be a simple thing to turn this on for both servers as they are sitting on the same network. See below:

host1: eth0/192.168.7.1, docker0/172.17.0.0/16
host2: eth0/192.168.8.1, docker0/172.18.0.0/16

So would it just be as simple as:

$ sudo iptables -P FORWARD ACCEPT

Kind Regards

Jack
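
Added example (not part of any post in this thread): `iptables -P FORWARD ACCEPT` makes the host forward every packet that no rule drops, so this sketch prints a narrower plan for one host: forwarding on, a route to the peer's container subnet, and ACCEPT rules limited to that peer. The function names are hypothetical; it assumes the two hosts reach each other directly at the eth0 addresses given above and that Docker's `DOCKER-USER` chain is present.

```shell
#!/bin/sh
# Added example: prints commands only, changes nothing on the system.
# Addresses and the eth0 interface name are the ones posted in the thread;
# the function names are hypothetical.

# plan_host LOCAL_SUBNET PEER_HOST_IP PEER_SUBNET [UPLINK_IF]
plan_host() {
    local_net=$1; peer_ip=$2; peer_net=$3; uplink=${4:-eth0}

    # Let the kernel route packets between eth0 and docker0.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # Send traffic for the peer's container subnet to the peer host.
    # Assumption: the peer host is directly reachable (on-link).
    echo "ip route replace $peer_net via $peer_ip"

    # Allow only the peer to reach local containers. Two sources are listed
    # because Docker's default NAT rule may rewrite a container's source
    # address to its host's address before the packet leaves that host.
    # DOCKER-USER is evaluated before Docker's own FORWARD rules.
    for src in "$peer_net" "$peer_ip"; do
        echo "iptables -I DOCKER-USER -i $uplink -s $src -d $local_net -j ACCEPT"
    done
}

# forward_policy: read `iptables -S FORWARD` output on stdin and print the
# chain's default policy, so a blanket ACCEPT can be spotted in an audit.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3 }'
}

# Plan for host1 (docker0 172.17.0.0/16) with host2 as the peer.
plan_host 172.17.0.0/16 192.168.8.1 172.18.0.0/16
# Plan for host2 (docker0 172.18.0.0/16) with host1 as the peer.
plan_host 172.18.0.0/16 192.168.7.1 172.17.0.0/16
```

Review the printed commands before running them as root on the matching host; `sudo iptables -S FORWARD | forward_policy` shows whether the chain policy is still `DROP` afterwards.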