Mastering Docker Container Networking: Modes, Bridge Setup, and Namespace Tricks
This guide explains Docker's built‑in network types, the four container network modes, how bridges and veth pairs work, and provides step‑by‑step commands for creating and managing network namespaces and custom bridges.
Docker default networks
Docker creates three default networks: bridge, host, and none. List them with docker network ls. The bridge network is the default; Docker creates a virtual bridge docker0 on the host, assigns each container an IP from the bridge subnet, and connects the container’s eth0 via a veth pair.
Network modes
bridge (default): creates a private bridge (docker0) and connects containers with veth pairs. Port mapping (-p) adds DNAT rules in iptables for external access.
host: the container shares the host’s network namespace; it uses the host’s IP and ports directly.
container: the new container shares the network namespace of an existing container (specified with --network container:NAME_OR_ID), thus sharing IP and ports while keeping separate filesystem and processes.
none: the container gets an isolated network namespace with only the loopback interface; no veth pair or IP is configured.
Bridge mode details
When a container starts in bridge mode Docker creates a veth pair: one end stays on the host attached to docker0, the other becomes eth0 inside the container. Example:
# docker run -it --name mycontainer busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
Expose a service with port mapping:
# docker run -d --name nginx -p 8080:80 nginx
# docker port nginx
80/tcp -> 0.0.0.0:8080
Linux network namespaces (ip netns)
Manage namespaces with ip netns (requires sudo). Create a namespace:
# ip netns add ns0
# ip netns list
ns0
Bring up the loopback interface:
# ip netns exec ns0 ip link set lo up
# ip netns exec ns0 ping -c 1 127.0.0.1
veth pairs
Create a veth pair and move each end into a different namespace:
# ip link add veth0 type veth peer name veth1
# ip netns add ns1
# ip link set veth0 netns ns0
# ip link set veth1 netns ns1
# ip netns exec ns0 ip link set veth0 up
# ip netns exec ns0 ip addr add 192.0.0.1/24 dev veth0
# ip netns exec ns1 ip link set veth1 up
# ip netns exec ns1 ip addr add 192.0.0.2/24 dev veth1
# ip netns exec ns0 ping -c 2 192.0.0.2
# ip netns exec ns1 ping -c 2 192.0.0.1
The ping succeeds, demonstrating communication between two isolated namespaces.
Custom bridge networks
Create a user‑defined bridge with a specific subnet and gateway:
# docker network create -d bridge --subnet 192.168.2.0/24 --gateway 192.168.2.1 mybridge
# docker run -it --network mybridge busybox ifconfig
The container receives an IP from the custom subnet (e.g., 192.168.2.2) and can communicate with other containers on the same network.
Advanced daemon configuration
Change the default bridge IP range or enable a registry mirror by editing /etc/docker/daemon.json (e.g., set "bip": "192.168.1.5/24"). Reload and restart the daemon:
# systemctl daemon-reload
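# systemctl restart docker
Enable remote API access:
# dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Then manage the remote host with docker -H 192.168.203.138:2375 ps.
A plain tcp:// listener on port 2375 is unencrypted and unauthenticated, so any client that can reach it controls the daemon, which is equivalent to root on the host. Restrict the listener to a trusted network or enable TLS client verification (--tlsverify, conventionally on port 2376).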
Practical examples
Share network namespace: docker run --network container:b3 --name b2 busybox.
Host mode: docker run --network host --name web busybox – container uses host interfaces directly.
None mode: docker run --network none --name isolated busybox – only lo is present.
Specify DNS: docker run --dns 114.114.114.114 ....
Add static host entry: docker run --add-host www.example.com:1.1.1.1 ....
Port publishing
Expose container ports with -p in several forms:
-p 80 – map container port 80 to a random host port.
-p 8080:80 – map host port 8080 to container port 80.
-p 192.168.203.138::80 – map container port 80 to a random port on the specified host IP.
-p 192.168.203.138:49153:80 – map port 49153 on the specified host IP to container port 80.
Check mappings with docker port CONTAINER and view the generated iptables NAT rules.
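The generated NAT rules show whether a published port answers on every host address (the -p 8080:80 form) or only on one bound address (the -p 192.168.203.138:49153:80 form). The script below is an added example, not part of the original article: the rule lines are constructed samples in iptables -S format, the container IPs are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): classify Docker's DNAT rules
# by the host address each published port is bound to.

# Constructed sample in `iptables -t nat -S DOCKER` format (container IPs made up).
# On a real host, run as root: iptables -t nat -S DOCKER | audit_published_ports
sample_rules() {
cat <<'EOF'
-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 192.168.203.138/32 ! -i docker0 -p tcp -m tcp --dport 49153 -j DNAT --to-destination 172.17.0.3:80
EOF
}

# Hypothetical helper: reads rules on stdin and prints one line per mapping:
#   SCOPE PROTO HOST_IP:HOST_PORT -> CONTAINER_IP:CONTAINER_PORT
audit_published_ports() {
  awk '
    $1 != "-A" { next }                      # only appended rules
    {
      bind = "0.0.0.0"; proto = ""; dport = ""; dest = ""; dnat = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-d") { bind = $(i + 1); sub(/\/32$/, "", bind) }
        if ($i == "-p") { proto = $(i + 1) }
        if ($i == "--dport") { dport = $(i + 1) }
        if ($i == "--to-destination") { dest = $(i + 1) }
        if ($i == "-j" && $(i + 1) == "DNAT") { dnat = 1 }
      }
      if (!dnat || dport == "" || dest == "") { next }   # skip RETURN etc.
      # No -d match means the port answers on every host address.
      scope = (bind == "0.0.0.0") ? "ALL-INTERFACES" : "SINGLE-ADDRESS"
      printf "%s %s %s:%s -> %s\n", scope, proto, bind, dport, dest
    }'
}

sample_rules | audit_published_ports
```

Lines marked ALL-INTERFACES are the mappings to review first, since they are reachable from any network the host is attached to.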
Liangxu Linux
