# https://www.youtube.com/watch?v=WDQIv-Kd6hk&t=22s https://serverfault.com/questions/696747/routing-from-docker-containers-using-a-different-physical-network-interface-and # in container shell ip route get 8.8.8.8 8.8.8.8 via 10.255.224.1 dev eth0 src 10.255.224.4 # in docker shell ip -4 -br a s dev br-traefik-net1 br-traefik-net1 UP 10.255.224.1/20 ip route get 8.8.8.8 8.8.8.8 via 10.0.0.2 dev mv-enp7s0 src 10.0.0.61 uid 0 cache ip r default via 192.168.2.1 dev vee-eth1 proto static default via 10.0.0.2 dev mv-enp7s0 proto static 10.0.0.0/24 dev mv-enp7s0 proto kernel scope link src 10.0.0.61 10.255.224.0/20 dev br-traefik-net1 proto kernel scope link src 10.255.224.1 10.255.240.0/24 dev br-traefik-net2 proto kernel scope link src 10.255.240.1 172.16.224.0/24 dev br-4da896b4a65a proto kernel scope link src 172.16.224.1 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 172.18.0.0/16 dev br-f5ab0a59124f proto kernel scope link src 172.18.0.1 192.168.2.0/24 dev vee-eth1 proto kernel scope link src 192.168.2.6 sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 # reply packets ip route get 10.255.224.4 10.255.224.4 dev br-traefik-net1 src 10.255.224.1 uid 0 cache ip -4 -br a s dev br-traefik-net1 br-traefik-net1 UP 10.255.224.1/20 tcpdump -ni mv-enp7s0 icmp tcpdump -ni vee-eth1 icmp #list namespaces lsns -t net cat ~/snat.conf # load config nft -f ~/snat.conf # list loaded configs nft list ruleset Change metric of default route to interface ------------------------------------------- ip r default via 192.168.2.1 dev vee-eth1 proto static default via 10.0.0.2 dev mv-enp7s0 proto static 10.0.0.0/24 dev mv-enp7s0 proto kernel scope link src 10.0.0.61 10.255.224.0/20 dev br-traefik-net1 proto kernel scope link src 10.255.224.1 10.255.240.0/24 dev br-traefik-net2 proto kernel scope link src 10.255.240.1 172.16.224.0/24 dev br-2a6971a42c02 proto kernel scope link src 172.16.224.1 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 172.18.0.0/16 dev br-aa39a4420c90 proto kernel scope link src 172.18.0.1 192.168.2.0/24 dev vee-eth1 proto kernel scope link src 192.168.2.6 # then delete i/f, e.g. vee-eth1 ip route del default via 192.168.2.1 # then add with metric ip route add default via 192.168.2.1 metric 50 ip r default via 10.0.0.2 dev mv-enp7s0 proto static default via 192.168.2.1 dev vee-eth1 metric 50 10.0.0.0/24 dev mv-enp7s0 proto kernel scope link src 10.0.0.61 10.255.224.0/20 dev br-traefik-net1 proto kernel scope link src 10.255.224.1 10.255.240.0/24 dev br-traefik-net2 proto kernel scope link src 10.255.240.1 172.16.224.0/24 dev br-2a6971a42c02 proto kernel scope link src 172.16.224.1 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 172.18.0.0/16 dev br-aa39a4420c90 proto kernel scope link src 172.18.0.1 192.168.2.0/24 dev vee-eth1 proto kernel scope link src 192.168.2.6