Change the IP range used by Docker

This page indicates how to change the IP ranges used by Docker.

By default, docker will use these two ranges:

  • for the bridge network (also called docker0)
  • for the docker_gwbridge network

If the procedure is followed during the installation of Cyberwatch, only steps 3 and 4 are necessary.

  1. Stop the instance:

    sudo cyberwatch stop
  2. Disconnect and remove network docker_gwbridge

  docker network disconnect -f docker_gwbridge gateway_ingress-sbox
  docker network rm docker_gwbridge
  1. Edit file /etc/docker/daemon.json:

      "bip": "",
      "default-address-pools": [
        { "base": "", "size": 24 }

    The field bip (Bridge IP) defines the IP range that network interface docker0 can use. The example reserves IP range to the interface. Beware, the range must end with .1, otherwise docker won’t start.

    The field default-address-pools defines the IP range of network interface docker_gwbridge. The example reserves IP range

  2. Restart docker:

    sudo systemctl restart docker
  3. Start Cyberwatch:

    sudo cyberwatch start
  4. Check that the IPs changed:

    docker network inspect bridge | grep Subnet
    docker network inspect docker_gwbridge | grep Subnet


Potential problem detected on CentOS.

With the suggested configuration, docker may no longer be able to restart successfully on the Cyberwatch server. The command:

systemctl restart docker

may then fail, indicating that it was impossible to create the network docker_gwbridge.

You can then use the following commands as a workaround:

ip link add name docker0 type bridge
ip addr add dev docker0

This is a onetime fix and must be applied each time you restart docker.

The problem can be fixed permanently by modifying the configuration file like this:

cat > /etc/docker/daemon.json <<EOL
  "bip": "",
  "default-address-pools": [
    { "base": "", "size": 24 }

thus giving docker a larger IP range.


Back to top